Welcome to Ansible Galaxy FortiOS Collection Documentation!¶
fortios_alertemail_setting – Configure alert email settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify alertemail feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- alertemail_setting - Configure alert email settings. type: dict
- admin_login_logs - Enable/disable administrator login/logout logs in alert email. type: str choices: enable, disable
- alert_interval - Alert alert interval in minutes. type: int
- amc_interface_bypass_mode - Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode logs in alert email. type: str choices: enable, disable
- antivirus_logs - Enable/disable antivirus logs in alert email. type: str choices: enable, disable
- configuration_changes_logs - Enable/disable configuration change logs in alert email. type: str choices: enable, disable
- critical_interval - Critical alert interval in minutes. type: int
- debug_interval - Debug alert interval in minutes. type: int
- email_interval - Interval between sending alert emails (1 - 99999 min). type: int
- emergency_interval - Emergency alert interval in minutes. type: int
- error_interval - Error alert interval in minutes. type: int
- FDS_license_expiring_days - Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days). type: int
- FDS_license_expiring_warning - Enable/disable FortiGuard license expiration warnings in alert email. type: str choices: enable, disable
- FDS_update_logs - Enable/disable FortiGuard update logs in alert email. type: str choices: enable, disable
- filter_mode - How to filter log messages that are sent to alert emails. type: str choices: category, threshold
- FIPS_CC_errors - Enable/disable FIPS and Common Criteria error logs in alert email. type: str choices: enable, disable
- firewall_authentication_failure_logs - Enable/disable firewall authentication failure logs in alert email. type: str choices: enable, disable
- fortiguard_log_quota_warning - Enable/disable FortiCloud log quota warnings in alert email. type: str choices: enable, disable
- FSSO_disconnect_logs - Enable/disable logging of FSSO collector agent disconnect. type: str choices: enable, disable
- HA_logs - Enable/disable HA logs in alert email. type: str choices: enable, disable
- information_interval - Information alert interval in minutes. type: int
- IPS_logs - Enable/disable IPS logs in alert email. type: str choices: enable, disable
- IPsec_errors_logs - Enable/disable IPsec error logs in alert email. type: str choices: enable, disable
- local_disk_usage - Disk usage percentage at which to send alert email (1 - 99 percent). type: int
- log_disk_usage_warning - Enable/disable disk usage warnings in alert email. type: str choices: enable, disable
- mailto1 - Email address to send alert email to (usually a system administrator) (max. 64 characters). type: str
- mailto2 - Optional second email address to send alert email to (max. 64 characters). type: str
- mailto3 - Optional third email address to send alert email to (max. 64 characters). type: str
- notification_interval - Notification alert interval in minutes. type: int
- PPP_errors_logs - Enable/disable PPP error logs in alert email. type: str choices: enable, disable
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- ssh_logs - Enable/disable SSH logs in alert email. type: str choices: enable, disable
- sslvpn_authentication_errors_logs - Enable/disable SSL-VPN authentication error logs in alert email. type: str choices: enable, disable
- username - Name that appears in the From: field of alert emails (max. 36 characters). type: str
- violation_traffic_logs - Enable/disable violation traffic logs in alert email. type: str choices: enable, disable
- warning_interval - Warning alert interval in minutes. type: int
- webfilter_logs - Enable/disable web filter logs in alert email. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure alert email settings.
fortios_alertemail_setting:
vdom: "{{ vdom }}"
alertemail_setting:
admin_login_logs: "enable"
alert_interval: "4"
amc_interface_bypass_mode: "enable"
antivirus_logs: "enable"
configuration_changes_logs: "enable"
critical_interval: "8"
debug_interval: "9"
email_interval: "10"
emergency_interval: "11"
error_interval: "12"
FDS_license_expiring_days: "13"
FDS_license_expiring_warning: "enable"
FDS_update_logs: "enable"
filter_mode: "category"
FIPS_CC_errors: "enable"
firewall_authentication_failure_logs: "enable"
fortiguard_log_quota_warning: "enable"
FSSO_disconnect_logs: "enable"
HA_logs: "enable"
information_interval: "22"
IPS_logs: "enable"
IPsec_errors_logs: "enable"
local_disk_usage: "25"
log_disk_usage_warning: "enable"
mailto1: "<your_own_value>"
mailto2: "<your_own_value>"
mailto3: "<your_own_value>"
notification_interval: "30"
PPP_errors_logs: "enable"
severity: "emergency"
ssh_logs: "enable"
sslvpn_authentication_errors_logs: "enable"
username: "<your_own_value>"
violation_traffic_logs: "enable"
warning_interval: "37"
webfilter_logs: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_antivirus_heuristic – Configure global heuristic options in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and heuristic category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- antivirus_heuristic - Configure global heuristic options. type: dict
- mode - Enable/disable heuristics and determine how the system behaves if heuristics detects a problem. type: str choices: pass, block, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global heuristic options.
fortios_antivirus_heuristic:
vdom: "{{ vdom }}"
antivirus_heuristic:
mode: "pass"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- antivirus_profile - Configure AntiVirus profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- analytics_bl_filetype - Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int
- analytics_db - Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. type: str choices: disable, enable
- analytics_max_upload - Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes). type: int
- analytics_wl_filetype - Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. type: int
- av_block_log - Enable/disable logging for AntiVirus file blocking. type: str choices: enable, disable
- av_virus_log - Enable/disable AntiVirus logging. type: str choices: enable, disable
- comment - Comment. type: str
- content_disarm - AV Content Disarm and Reconstruction settings. type: dict
- cover_page - Enable/disable inserting a cover page into the disarmed document. type: str choices: disable, enable
- detect_only - Enable/disable only detect disarmable files, do not alter content. type: str choices: disable, enable
- office_embed - Enable/disable stripping of embedded objects in Microsoft Office documents. type: str choices: disable, enable
- office_hylink - Enable/disable stripping of hyperlinks in Microsoft Office documents. type: str choices: disable, enable
- office_linked - Enable/disable stripping of linked objects in Microsoft Office documents. type: str choices: disable, enable
- office_macro - Enable/disable stripping of macros in Microsoft Office documents. type: str choices: disable, enable
- original_file_destination - Destination to send original file if active content is removed. type: str choices: fortisandbox, quarantine, discard
- pdf_act_form - Enable/disable stripping of actions that submit data to other targets in PDF documents. type: str choices: disable, enable
- pdf_act_gotor - Enable/disable stripping of links to other PDFs in PDF documents. type: str choices: disable, enable
- pdf_act_java - Enable/disable stripping of actions that execute JavaScript code in PDF documents. type: str choices: disable, enable
- pdf_act_launch - Enable/disable stripping of links to external applications in PDF documents. type: str choices: disable, enable
- pdf_act_movie - Enable/disable stripping of embedded movies in PDF documents. type: str choices: disable, enable
- pdf_act_sound - Enable/disable stripping of embedded sound files in PDF documents. type: str choices: disable, enable
- pdf_embedfile - Enable/disable stripping of embedded files in PDF documents. type: str choices: disable, enable
- pdf_hyperlink - Enable/disable stripping of hyperlinks from PDF documents. type: str choices: disable, enable
- pdf_javacode - Enable/disable stripping of JavaScript code in PDF documents. type: str choices: disable, enable
- extended_log - Enable/disable extended logging for antivirus. type: str choices: enable, disable
- ftgd_analytics - Settings to control which files are uploaded to FortiSandbox. type: str choices: disable, suspicious, everything
- ftp - Configure FTP AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- options - Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- http - Configure HTTP AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- content_disarm - Enable Content Disarm and Reconstruction for this protocol. type: str choices: disable, enable
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- options - Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- imap - Configure IMAP AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- content_disarm - Enable Content Disarm and Reconstruction for this protocol. type: str choices: disable, enable
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus
- options - Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- inspection_mode - Inspection mode. type: str choices: proxy, flow-based
- mapi - Configure MAPI AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus
- options - Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- mobile_malware_db - Enable/disable using the mobile malware signature database. type: str choices: disable, enable
- nac_quar - Configure AntiVirus quarantine settings. type: dict
- expiry - Duration of quarantine. type: str
- infected - Enable/Disable quarantining infected hosts to the banned user list. type: str choices: none, quar-src-ip
- log - Enable/disable AntiVirus quarantine logging. type: str choices: enable, disable
- name - Profile name. type: str required: True
- nntp - Configure NNTP AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- options - Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- pop3 - Configure POP3 AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- content_disarm - Enable Content Disarm and Reconstruction for this protocol. type: str choices: disable, enable
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus
- options - Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- replacemsg_group - Replacement message group customized for this profile. Source system.replacemsg-group.name. type: str
- scan_mode - Choose between full scan mode and quick scan mode. type: str choices: quick, full
- smb - Configure SMB AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- options - Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
- smtp - Configure SMTP AntiVirus options. type: dict
- archive_block - Select the archive types to block. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- archive_log - Select the archive types to log. type: str choices: encrypted, corrupted, partiallycorrupted, multipart, nested, mailbomb, fileslimit, timeout, unhandled
- content_disarm - Enable Content Disarm and Reconstruction for this protocol. type: str choices: disable, enable
- emulator - Enable/disable the virus emulator. type: str choices: enable, disable
- executables - Treat Windows executable files as viruses for the purpose of blocking or monitoring. type: str choices: default, virus
- options - Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. type: str choices: scan, avmonitor, quarantine
- outbreak_prevention - Enable FortiGuard Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiVirus profiles.
fortios_antivirus_profile:
vdom: "{{ vdom }}"
state: "present"
antivirus_profile:
analytics_bl_filetype: "3 (source dlp.filepattern.id)"
analytics_db: "disable"
analytics_max_upload: "5"
analytics_wl_filetype: "6 (source dlp.filepattern.id)"
av_block_log: "enable"
av_virus_log: "enable"
comment: "Comment."
content_disarm:
cover_page: "disable"
detect_only: "disable"
office_embed: "disable"
office_hylink: "disable"
office_linked: "disable"
office_macro: "disable"
original_file_destination: "fortisandbox"
pdf_act_form: "disable"
pdf_act_gotor: "disable"
pdf_act_java: "disable"
pdf_act_launch: "disable"
pdf_act_movie: "disable"
pdf_act_sound: "disable"
pdf_embedfile: "disable"
pdf_hyperlink: "disable"
pdf_javacode: "disable"
extended_log: "enable"
ftgd_analytics: "disable"
ftp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
http:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
imap:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
inspection_mode: "proxy"
mapi:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
mobile_malware_db: "disable"
nac_quar:
expiry: "<your_own_value>"
infected: "none"
log: "enable"
name: "default_name_63"
nntp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
pop3:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
scan_mode: "quick"
smb:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
smtp:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_antivirus_quarantine – Configure quarantine options in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- antivirus_quarantine - Configure quarantine options. type: dict
- agelimit - Age limit for quarantined files (0 - 479 hours, 0 means forever). type: int
- destination - Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them. type: str choices: None, disk, FortiAnalyzer
- drop_blocked - Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, ftps, mapi, cifs, mm1, mm3, mm4, mm7
- drop_heuristic - Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, mm1, mm3, mm4, mm7
- drop_infected - Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, mm1, mm3, mm4, mm7
- lowspace - Select the method for handling additional files when running low on disk space. type: str choices: drop-new, ovrw-old
- maxfilesize - Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited). type: int
- quarantine_quota - The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space). type: int
- store_blocked - Quarantine blocked files found in sessions using the selected protocols. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, ftps, mapi, cifs, mm1, mm3, mm4, mm7
- store_heuristic - Quarantine files detected by heuristics found in sessions using the selected protocols. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, mm1, mm3, mm4, mm7
- store_infected - Quarantine infected files found in sessions using the selected protocols. type: str choices: imap, smtp, pop3, http, ftp, nntp, imaps, smtps, pop3s, https, ftps, mapi, cifs, mm1, mm3, mm4, mm7
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure quarantine options.
fortios_antivirus_quarantine:
vdom: "{{ vdom }}"
antivirus_quarantine:
agelimit: "3"
destination: "NULL"
drop_blocked: "imap"
drop_heuristic: "imap"
drop_infected: "imap"
lowspace: "drop-new"
maxfilesize: "9"
quarantine_quota: "10"
store_blocked: "imap"
store_heuristic: "imap"
store_infected: "imap"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_antivirus_settings – Configure AntiVirus settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- antivirus_settings - Configure AntiVirus settings. type: dict
- default_db - Select the AV database to be used for AV scanning. type: str choices: normal, extended, extreme
- grayware - Enable/disable grayware detection when an AntiVirus profile is applied to traffic. type: str choices: enable, disable
- override_timeout - Override the large file scan timeout value in seconds (30 - 3600). Zero is the default value and is used to disable this command. When disabled, the daemon adjusts the large file scan timeout based on the file size. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiVirus settings.
fortios_antivirus_settings:
vdom: "{{ vdom }}"
antivirus_settings:
default_db: "normal"
grayware: "enable"
override_timeout: "5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_application_custom – Configure custom application signatures in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- application_custom - Configure custom application signatures. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- behavior - Custom application signature behavior. type: str
- category - Custom application category ID (use ? to view available options). type: int
- comment - Comment. type: str
- id - Custom application category ID (use ? to view available options). type: int
- name - Name of this custom application signature. type: str
- protocol - Custom application signature protocol. type: str
- signature - The text that makes up the actual custom application signature. type: str
- tag - Signature tag. type: str required: True
- technology - Custom application signature technology. type: str
- vendor - Custom application signature vendor. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom application signatures.
fortios_application_custom:
vdom: "{{ vdom }}"
state: "present"
application_custom:
behavior: "<your_own_value>"
category: "4"
comment: "Comment."
id: "6"
name: "default_name_7"
protocol: "<your_own_value>"
signature: "<your_own_value>"
tag: "<your_own_value>"
technology: "<your_own_value>"
vendor: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_application_group – Configure firewall application groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- application_group - Configure firewall application groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- application - Application ID list. type: list
- id - Application IDs. type: int required: True
- category - Application category ID list. type: list
- id - Category IDs. type: int required: True
- comment - Comment type: str
- name - Application group name. type: str required: True
- type - Application group type. type: str choices: application, category
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure firewall application groups.
fortios_application_group:
vdom: "{{ vdom }}"
state: "present"
application_group:
application:
-
id: "4"
category:
-
id: "6"
comment: "Comment"
name: "default_name_8"
type: "application"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_application_list – Configure application control lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- application_list - Configure application control lists. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- app_replacemsg - Enable/disable replacement messages for blocked applications. type: str choices: disable, enable
- comment - comments type: str
- deep_app_inspection - Enable/disable deep application inspection. type: str choices: disable, enable
- entries - Application list entries. type: list
- action - Pass or block traffic, or reset connection for traffic from this application. type: str choices: pass, block, reset
- application - ID of allowed applications. type: list
- id - Application IDs. type: int required: True
- behavior - Application behavior filter. type: str
- category - Category ID list. type: list
- id - Application category ID. type: int required: True
- id - Entry ID. type: int required: True
- log - Enable/disable logging for this application list. type: str choices: disable, enable
- log_packet - Enable/disable packet logging. type: str choices: disable, enable
- parameters - Application parameters. type: list
- id - Parameter ID. type: int required: True
- value - Parameter value. type: str
- per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str
- popularity - Application popularity filter (1 - 5, from least to most popular). type: str choices: 1, 2, 3, 4, 5
- protocols - Application protocol filter. type: str
- quarantine - Quarantine method. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine. (Format type: str
- quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable
- rate_count - Count of the rate. type: int
- rate_duration - Duration (sec) of the rate. type: int
- rate_mode - Rate limit mode. type: str choices: periodical, continuous
- rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip, dhcp-client-mac, dns-domain
- risk - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: list
- level - Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). type: int required: True
- session_ttl - Session TTL (0 = default). type: int
- shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- sub_category - Application Sub-category ID list. type: list
- id - Application sub-category ID. type: int required: True
- technology - Application technology filter. type: str
- vendor - Application vendor filter. type: str
- extended_log - Enable/disable extended logging. type: str choices: enable, disable
- name - List name. type: str required: True
- options - Basic application protocol signatures allowed by default. type: str choices: allow-dns, allow-icmp, allow-http, allow-ssl, allow-quic
- other_application_action - Action for other applications. type: str choices: pass, block
- other_application_log - Enable/disable logging for other applications. type: str choices: disable, enable
- p2p_black_list - P2P applications to be black listed. type: str choices: skype, edonkey, bittorrent
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
- unknown_application_action - Pass or block traffic from unknown applications. type: str choices: pass, block
- unknown_application_log - Enable/disable logging for unknown applications. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure application control lists.
fortios_application_list:
vdom: "{{ vdom }}"
state: "present"
application_list:
app_replacemsg: "disable"
comment: "comments"
deep_app_inspection: "disable"
entries:
-
action: "pass"
application:
-
id: "9"
behavior: "<your_own_value>"
category:
-
id: "12"
id: "13"
log: "disable"
log_packet: "disable"
parameters:
-
id: "17"
value: "<your_own_value>"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
popularity: "1"
protocols: "<your_own_value>"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
rate_count: "25"
rate_duration: "26"
rate_mode: "periodical"
rate_track: "none"
risk:
-
level: "30"
session_ttl: "31"
shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
sub_category:
-
id: "35"
technology: "<your_own_value>"
vendor: "<your_own_value>"
extended_log: "enable"
name: "default_name_39"
options: "allow-dns"
other_application_action: "pass"
other_application_log: "disable"
p2p_black_list: "skype"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
unknown_application_action: "pass"
unknown_application_log: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_application_name – Configure application signatures in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- application_name - Configure application signatures. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- behavior - Application behavior. type: str
- category - Application category ID. type: int
- id - Application ID. type: int
- metadata - Meta data. type: list
- id - ID. type: int required: True
- metaid - Meta ID. type: int
- valueid - Value ID. type: int
- name - Application name. type: str required: True
- parameter - Application parameter name. type: str
- popularity - Application popularity. type: int
- protocol - Application protocol. type: str
- risk - Application risk. type: int
- sub_category - Application sub-category ID. type: int
- technology - Application technology. type: str
- vendor - Application vendor. type: str
- weight - Application weight. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure application signatures.
fortios_application_name:
vdom: "{{ vdom }}"
state: "present"
application_name:
behavior: "<your_own_value>"
category: "4"
id: "5"
metadata:
-
id: "7"
metaid: "8"
valueid: "9"
name: "default_name_10"
parameter: "<your_own_value>"
popularity: "12"
protocol: "<your_own_value>"
risk: "14"
sub_category: "15"
technology: "<your_own_value>"
vendor: "<your_own_value>"
weight: "18"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_application_rule_settings – Configure application rule settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify application feature and rule_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- application_rule_settings - Configure application rule settings. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- id - Rule ID. type: int required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure application rule settings.
fortios_application_rule_settings:
vdom: "{{ vdom }}"
state: "present"
application_rule_settings:
id: "3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_authentication_rule – Configure Authentication Rules in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- authentication_rule - Configure Authentication Rules. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- active_auth_method - Select an active authentication method. Source authentication.scheme.name. type: str
- comments - Comment. type: str
- ip_based - Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed. type: str choices: enable, disable
- name - Authentication rule name. type: str required: True
- protocol - Select the protocol to use for authentication . Users connect to the FortiGate using this protocol and are asked to authenticate. type: str choices: http, ftp, socks, ssh
- srcaddr - Select an IPv4 source address from available options. Required for web proxy authentication. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: True
- srcaddr6 - Select an IPv6 source address. Required for web proxy authentication. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- sso_auth_method - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name. type: str
- status - Enable/disable this authentication rule. type: str choices: enable, disable
- transaction_based - Enable/disable transaction based authentication . type: str choices: enable, disable
- web_auth_cookie - Enable/disable Web authentication cookies . type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Authentication Rules.
fortios_authentication_rule:
vdom: "{{ vdom }}"
state: "present"
authentication_rule:
active_auth_method: "<your_own_value> (source authentication.scheme.name)"
comments: "<your_own_value>"
ip_based: "enable"
name: "default_name_6"
protocol: "http"
srcaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
srcaddr6:
-
name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
sso_auth_method: "<your_own_value> (source authentication.scheme.name)"
status: "enable"
transaction_based: "enable"
web_auth_cookie: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_authentication_scheme – Configure Authentication Schemes in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and scheme category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- authentication_scheme - Configure Authentication Schemes. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- domain_controller - Domain controller setting. Source user.domain-controller.name. type: str
- fsso_agent_for_ntlm - FSSO agent to use for NTLM authentication. Source user.fsso.name. type: str
- fsso_guest - Enable/disable user fsso-guest authentication . type: str choices: enable, disable
- kerberos_keytab - Kerberos keytab setting. Source user.krb-keytab.name. type: str
- method - Authentication methods . type: str choices: ntlm, basic, digest, form, negotiate, fsso, rsso, ssh-publickey
- name - Authentication scheme name. type: str required: True
- negotiate_ntlm - Enable/disable negotiate authentication for NTLM . type: str choices: enable, disable
- require_tfa - Enable/disable two-factor authentication . type: str choices: enable, disable
- ssh_ca - SSH CA name. Source firewall.ssh.local-ca.name. type: str
- user_database - Authentication server to contain user information; "local" (default) or "123" (for LDAP). type: list
- name - Authentication server name. Source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Authentication Schemes.
fortios_authentication_scheme:
vdom: "{{ vdom }}"
state: "present"
authentication_scheme:
domain_controller: "<your_own_value> (source user.domain-controller.name)"
fsso_agent_for_ntlm: "<your_own_value> (source user.fsso.name)"
fsso_guest: "enable"
kerberos_keytab: "<your_own_value> (source user.krb-keytab.name)"
method: "ntlm"
name: "default_name_8"
negotiate_ntlm: "enable"
require_tfa: "enable"
ssh_ca: "<your_own_value> (source firewall.ssh.local-ca.name)"
user_database:
-
name: "default_name_13 (source system.datasource.name user.radius.name user.tacacs+.name user.ldap.name user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_authentication_setting – Configure authentication setting in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify authentication feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- authentication_setting - Configure authentication setting. type: dict
- active_auth_scheme - Active authentication method (scheme name). Source authentication.scheme.name. type: str
- captive_portal - Captive portal host name. Source firewall.address.name. type: str
- captive_portal_ip - Captive portal IP address. type: str
- captive_portal_ip6 - Captive portal IPv6 address. type: str
- captive_portal_port - Captive portal port number (1 - 65535). type: int
- captive_portal_type - Captive portal type. type: str choices: fqdn, ip
- captive_portal6 - IPv6 captive portal host name. Source firewall.address6.name. type: str
- sso_auth_scheme - Single-Sign-On authentication method (scheme name). Source authentication.scheme.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure authentication setting.
fortios_authentication_setting:
vdom: "{{ vdom }}"
authentication_setting:
active_auth_scheme: "<your_own_value> (source authentication.scheme.name)"
captive_portal: "<your_own_value> (source firewall.address.name)"
captive_portal_ip: "<your_own_value>"
captive_portal_ip6: "<your_own_value>"
captive_portal_port: "7"
captive_portal_type: "fqdn"
captive_portal6: "<your_own_value> (source firewall.address6.name)"
sso_auth_scheme: "<your_own_value> (source authentication.scheme.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_certificate_ca – CA certificate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- certificate_ca - CA certificate. type: dict
- auto_update_days - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). type: int
- auto_update_days_warning - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). type: int
- ca - CA certificate as a PEM file. type: str
- last_updated - Time at which CA was last updated. type: int
- name - Name. type: str required: True
- range - Either global or VDOM IP address range for the CA certificate. type: str choices: global, vdom
- scep_url - URL of the SCEP server. type: str
- source - CA certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to the SCEP server. type: str
- trusted - Enable/disable as a trusted CA. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: CA certificate.
fortios_certificate_ca:
vdom: "{{ vdom }}"
state: "present"
certificate_ca:
auto_update_days: "3"
auto_update_days_warning: "4"
ca: "<your_own_value>"
last_updated: "6"
name: "default_name_7"
range: "global"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
trusted: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_certificate_crl – Certificate Revocation List as a PEM file in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and crl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- certificate_crl - Certificate Revocation List as a PEM file. type: dict
- crl - Certificate Revocation List as a PEM file. type: str
- http_url - HTTP server URL for CRL auto-update. type: str
- last_updated - Time at which CRL was last updated. type: int
- ldap_password - LDAP server user password. type: str
- ldap_server - LDAP server name for CRL auto-update. type: str
- ldap_username - LDAP server user name. type: str
- name - Name. type: str required: True
- range - Either global or VDOM IP address range for the certificate. type: str choices: global, vdom
- scep_cert - Local certificate for SCEP communication for CRL auto-update. Source certificate.local.name. type: str
- scep_url - SCEP server URL for CRL auto-update. type: str
- source - Certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to a HTTP or SCEP CA server. type: str
- update_interval - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. type: int
- update_vdom - VDOM for CRL update. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Certificate Revocation List as a PEM file.
fortios_certificate_crl:
vdom: "{{ vdom }}"
state: "present"
certificate_crl:
crl: "<your_own_value>"
http_url: "<your_own_value>"
last_updated: "5"
ldap_password: "<your_own_value>"
ldap_server: "<your_own_value>"
ldap_username: "<your_own_value>"
name: "default_name_9"
range: "global"
scep_cert: "<your_own_value> (source certificate.local.name)"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
update_interval: "15"
update_vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_certificate_local – Local keys and certificates in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- certificate_local - Local keys and certificates. type: dict
- auto_regenerate_days - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). type: int
- auto_regenerate_days_warning - Number of days to wait before an expiry warning message is generated (0 = disabled). type: int
- ca_identifier - CA identifier of the CA server for signing via SCEP. type: str
- certificate - PEM format certificate. type: str
- cmp_path - Path location inside CMP server. type: str
- cmp_regeneration_method - CMP auto-regeneration method. type: str choices: keyupate, renewal
- cmp_server - "ADDRESS:PORT" for CMP server. type: str
- cmp_server_cert - CMP server certificate. Source certificate.ca.name. type: str
- comments - Comment. type: str
- csr - Certificate Signing Request. type: str
- enroll_protocol - Certificate enrollment protocol. type: str choices: none, scep, cmpv2
- ike_localid - Local ID the FortiGate uses for authentication as a VPN client. type: str
- ike_localid_type - IKE local ID type. type: str choices: asn1dn, fqdn
- last_updated - Time at which certificate was last updated. type: int
- name - Name. type: str required: True
- name_encoding - Name encoding method for auto-regeneration. type: str choices: printable, utf8
- password - Password as a PEM file. type: str
- private_key - PEM format key, encrypted with a password. type: str
- range - Either a global or VDOM IP address range for the certificate. type: str choices: global, vdom
- scep_password - SCEP server challenge password for auto-regeneration. type: str
- scep_url - SCEP server URL. type: str
- source - Certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to the SCEP server. type: str
- state - Certificate Signing Request State. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Local keys and certificates.
fortios_certificate_local:
vdom: "{{ vdom }}"
state: "present"
certificate_local:
auto_regenerate_days: "3"
auto_regenerate_days_warning: "4"
ca_identifier: "myId_5"
certificate: "<your_own_value>"
cmp_path: "<your_own_value>"
cmp_regeneration_method: "keyupate"
cmp_server: "<your_own_value>"
cmp_server_cert: "<your_own_value> (source certificate.ca.name)"
comments: "<your_own_value>"
csr: "<your_own_value>"
enroll_protocol: "none"
ike_localid: "<your_own_value>"
ike_localid_type: "asn1dn"
last_updated: "16"
name: "default_name_17"
name_encoding: "printable"
password: "<your_own_value>"
private_key: "<your_own_value>"
range: "global"
scep_password: "<your_own_value>"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
state: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dlp_filepattern – Configure file patterns used by DLP blocking in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and filepattern category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dlp_filepattern - Configure file patterns used by DLP blocking. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- entries - Configure file patterns used by DLP blocking. type: list
- file_type - Select a file type. type: str choices: 7z, arj, cab, lzh, rar, tar, zip, bzip, gzip, bzip2, xz, bat, msc, uue, mime, base64, binhex, elf, exe, hta, html, jad, class, cod, javascript, msoffice, msofficex, fsg, upx, petite, aspack, sis, hlp, activemime, jpeg, gif, tiff, png, bmp, ignored, unknown, mpeg, mov, mp3, wma, wav, pdf, avi, rm, torrent, hibun, msi, mach-o, dmg, .net, xar, chm, iso, crx
- filter_type - Filter by file name pattern or by file type. type: str choices: pattern, type
- pattern - Add a file name pattern. type: str required: True
- id - ID. type: int required: True
- name - Name of table containing the file pattern list. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure file patterns used by DLP blocking.
fortios_dlp_filepattern:
vdom: "{{ vdom }}"
state: "present"
dlp_filepattern:
comment: "Optional comments."
entries:
-
file_type: "7z"
filter_type: "pattern"
pattern: "<your_own_value>"
id: "8"
name: "default_name_9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dlp_fp_doc_source – Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and fp_doc_source category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dlp_fp_doc_source - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- date - Day of the month on which to scan the server (1 - 31). type: int
- file_path - Path on the server to the fingerprint files (max 119 characters). type: str
- file_pattern - Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. type: str
- keep_modified - Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database. type: str choices: enable, disable
- name - Name of the DLP fingerprint database. type: str required: True
- password - Password required to log into the file server. type: str
- period - Frequency for which the FortiGate checks the server for new or changed files. type: str choices: none, daily, weekly, monthly
- remove_deleted - Enable to keep the fingerprint database up to date when a file is deleted from the server. type: str choices: enable, disable
- scan_on_creation - Enable to keep the fingerprint database up to date when a file is added or changed on the server. type: str choices: enable, disable
- scan_subdirectories - Enable/disable scanning subdirectories to find files to create fingerprints from. type: str choices: enable, disable
- sensitivity - Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. Source dlp .fp-sensitivity.name. type: str
- server - IPv4 or IPv6 address of the server. type: str
- server_type - Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported. type: str choices: samba
- tod_hour - Hour of the day on which to scan the server (0 - 23). type: int
- tod_min - Minute of the hour on which to scan the server (0 - 59). type: int
- username - User name required to log into the file server. type: str
- vdom - Select the VDOM that can communicate with the file server. type: str choices: mgmt, current
- weekday - Day of the week on which to scan the server. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
fortios_dlp_fp_doc_source:
vdom: "{{ vdom }}"
state: "present"
dlp_fp_doc_source:
date: "3"
file_path: "<your_own_value>"
file_pattern: "<your_own_value>"
keep_modified: "enable"
name: "default_name_7"
password: "<your_own_value>"
period: "none"
remove_deleted: "enable"
scan_on_creation: "enable"
scan_subdirectories: "enable"
sensitivity: "<your_own_value> (source dlp.fp-sensitivity.name)"
server: "192.168.100.40"
server_type: "samba"
tod_hour: "16"
tod_min: "17"
username: "<your_own_value>"
vdom: "mgmt"
weekday: "sunday"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dlp_fp_sensitivity – Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and fp_sensitivity category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dlp_fp_sensitivity - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - DLP Sensitivity Levels. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source.
fortios_dlp_fp_sensitivity:
vdom: "{{ vdom }}"
state: "present"
dlp_fp_sensitivity:
name: "default_name_3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dlp_sensor – Configure DLP sensors in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and sensor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dlp_sensor - Configure DLP sensors. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- dlp_log - Enable/disable DLP logging. type: str choices: enable, disable
- extended_log - Enable/disable extended logging for data leak prevention. type: str choices: enable, disable
- filter - Set up DLP filters for this sensor. type: list
- action - Action to take with content that this DLP sensor matches. type: str choices: allow, log-only, block, quarantine-ip
- archive - Enable/disable DLP archiving. type: str choices: disable, enable
- company_identifier - Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. type: str
- expiry - Quarantine duration in days, hours, minutes format (dddhhmm). type: str
- file_size - Match files this size or larger (0 - 4294967295 kbytes). type: int
- file_type - Select the number of a DLP file pattern table to match. Source dlp.filepattern.id. type: int
- filter_by - Select the type of content to match. type: str choices: credit-card, ssn, regexp, file-type, file-size, fingerprint, watermark, encrypted
- fp_sensitivity - Select a DLP file pattern sensitivity to match. type: list
- name - Select a DLP sensitivity. Source dlp.fp-sensitivity.name. type: str required: True
- id - ID. type: int required: True
- match_percentage - Percentage of fingerprints in the fingerprint databases designated with the selected fp-sensitivity to match. type: int
- name - Filter name. type: str
- proto - Check messages or files over one or more of these protocols. type: str choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, mm1, mm3, mm4, mm7
- regexp - Enter a regular expression to match (max. 255 characters). type: str
- severity - Select the severity or threat level that matches this filter. type: str choices: info, low, medium, high, critical
- type - Select whether to check the content of messages (an email message) or files (downloaded files or email attachments). type: str choices: file, message
- flow_based - Enable/disable flow-based DLP. type: str choices: enable, disable
- full_archive_proto - Protocols to always content archive. type: str choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, mm1, mm3, mm4, mm7
- nac_quar_log - Enable/disable NAC quarantine logging. type: str choices: enable, disable
- name - Name of the DLP sensor. type: str required: True
- options - Configure DLP options. type: str
- replacemsg_group - Replacement message group used by this DLP sensor. Source system.replacemsg-group.name. type: str
- summary_proto - Protocols to always log summary. type: str choices: smtp, pop3, imap, http-get, http-post, ftp, nntp, mapi, mm1, mm3, mm4, mm7
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DLP sensors.
fortios_dlp_sensor:
vdom: "{{ vdom }}"
state: "present"
dlp_sensor:
comment: "Comment."
dlp_log: "enable"
extended_log: "enable"
filter:
-
action: "allow"
archive: "disable"
company_identifier: "myId_9"
expiry: "<your_own_value>"
file_size: "11"
file_type: "12 (source dlp.filepattern.id)"
filter_by: "credit-card"
fp_sensitivity:
-
name: "default_name_15 (source dlp.fp-sensitivity.name)"
id: "16"
match_percentage: "17"
name: "default_name_18"
proto: "smtp"
regexp: "<your_own_value>"
severity: "info"
type: "file"
flow_based: "enable"
full_archive_proto: "smtp"
nac_quar_log: "enable"
name: "default_name_26"
options: "<your_own_value>"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
summary_proto: "smtp"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dlp_settings – Designate logical storage for DLP fingerprint database in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dlp feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- dlp_settings - Designate logical storage for DLP fingerprint database. type: dict
- cache_mem_percent - Maximum percentage of available memory allocated to caching (1 - 15%). type: int
- chunk_size - Maximum fingerprint chunk size. **Changing will flush the entire database**. type: int
- db_mode - Behaviour when the maximum size is reached. type: str choices: stop-adding, remove-modified-then-oldest, remove-oldest
- size - Maximum total size of files within the storage (MB). type: int
- storage_device - Storage device name. Source system.storage.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Designate logical storage for DLP fingerprint database.
fortios_dlp_settings:
vdom: "{{ vdom }}"
dlp_settings:
cache_mem_percent: "3"
chunk_size: "4"
db_mode: "stop-adding"
size: "6"
storage_device: "<your_own_value> (source system.storage.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dnsfilter_domain_filter – Configure DNS domain filters in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dnsfilter feature and domain_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dnsfilter_domain_filter - Configure DNS domain filters. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- entries - DNS domain filter entries. type: list
- action - Action to take for domain filter matches. type: str choices: block, allow, monitor
- domain - Domain entries to be filtered. type: str
- id - Id. type: int required: True
- status - Enable/disable this domain filter. type: str choices: enable, disable
- type - DNS domain filter type. type: str choices: simple, regex, wildcard
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS domain filters.
fortios_dnsfilter_domain_filter:
vdom: "{{ vdom }}"
state: "present"
dnsfilter_domain_filter:
comment: "Optional comments."
entries:
-
action: "block"
domain: "<your_own_value>"
id: "7"
status: "enable"
type: "simple"
id: "10"
name: "default_name_11"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_dnsfilter_profile – Configure DNS domain filter profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify dnsfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- dnsfilter_profile - Configure DNS domain filter profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- block_action - Action to take for blocked domains. type: str choices: block, redirect
- block_botnet - Enable/disable blocking botnet C&C DNS lookups. type: str choices: disable, enable
- comment - Comment. type: str
- domain_filter - Domain filter settings. type: dict
- domain_filter_table - DNS domain filter table ID. Source dnsfilter.domain-filter.id. type: int
- external_ip_blocklist - One or more external IP block lists. type: list
- name - External domain block list name. Source system.external-resource.name. type: str required: True
- ftgd_dns - FortiGuard DNS Filter settings. type: dict
- filters - FortiGuard DNS domain filters. type: list
- action - Action to take for DNS requests matching the category. type: str choices: block, monitor
- category - Category number. type: int
- id - ID number. type: int required: True
- log - Enable/disable DNS filter logging for this DNS profile. type: str choices: enable, disable
- options - FortiGuard DNS filter options. type: str choices: error-allow, ftgd-disable
- log_all_domain - Enable/disable logging of all domains visited (detailed DNS logging). type: str choices: enable, disable
- name - Profile name. type: str required: True
- redirect_portal - IP address of the SDNS redirect portal. type: str
- safe_search - Enable/disable Google, Bing, and YouTube safe search. type: str choices: disable, enable
- sdns_domain_log - Enable/disable domain filtering and botnet domain logging. type: str choices: enable, disable
- sdns_ftgd_err_log - Enable/disable FortiGuard SDNS rating error logging. type: str choices: enable, disable
- youtube_restrict - Set safe search for YouTube restriction level. type: str choices: strict, moderate
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS domain filter profiles.
fortios_dnsfilter_profile:
vdom: "{{ vdom }}"
state: "present"
dnsfilter_profile:
block_action: "block"
block_botnet: "disable"
comment: "Comment."
domain_filter:
domain_filter_table: "7 (source dnsfilter.domain-filter.id)"
external_ip_blocklist:
-
name: "default_name_9 (source system.external-resource.name)"
ftgd_dns:
filters:
-
action: "block"
category: "13"
id: "14"
log: "enable"
options: "error-allow"
log_all_domain: "enable"
name: "default_name_18"
redirect_portal: "<your_own_value>"
safe_search: "disable"
sdns_domain_log: "enable"
sdns_ftgd_err_log: "enable"
youtube_restrict: "strict"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_client – Configure endpoint control client lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and client category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- endpoint_control_client - Configure endpoint control client lists. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ad_groups - Endpoint client AD logon groups. type: str
- ftcl_uid - Endpoint FortiClient UID. type: str
- id - Endpoint client ID. type: int required: True
- info - Endpoint client information. type: str
- src_ip - Endpoint client IP address. type: str
- src_mac - Endpoint client MAC address. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure endpoint control client lists.
fortios_endpoint_control_client:
vdom: "{{ vdom }}"
state: "present"
endpoint_control_client:
ad_groups: "<your_own_value>"
ftcl_uid: "<your_own_value>"
id: "5"
info: "<your_own_value>"
src_ip: "<your_own_value>"
src_mac: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_forticlient_ems – Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and forticlient_ems category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- endpoint_control_forticlient_ems - Configure FortiClient Enterprise Management Server (EMS) entries. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- address - Firewall address name. Source firewall.address.name. type: str
- admin_password - FortiClient EMS admin password. type: str
- admin_type - FortiClient EMS admin type. type: str choices: Windows, LDAP
- admin_username - FortiClient EMS admin username. type: str
- https_port - FortiClient EMS HTTPS access port number. (1 - 65535). type: int
- listen_port - FortiClient EMS telemetry listen port number. (1 - 65535). type: int
- name - FortiClient Enterprise Management Server (EMS) name. type: str required: True
- rest_api_auth - FortiClient EMS REST API authentication. type: str choices: disable, userpass
- serial_number - FortiClient EMS Serial Number. type: str
- upload_port - FortiClient EMS telemetry upload port number. (1 - 65535). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiClient Enterprise Management Server (EMS) entries.
fortios_endpoint_control_forticlient_ems:
vdom: "{{ vdom }}"
state: "present"
endpoint_control_forticlient_ems:
address: "<your_own_value> (source firewall.address.name)"
admin_password: "<your_own_value>"
admin_type: "Windows"
admin_username: "<your_own_value>"
https_port: "7"
listen_port: "8"
name: "default_name_9"
rest_api_auth: "disable"
serial_number: "<your_own_value>"
upload_port: "12"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_forticlient_registration_sync – Configure FortiClient registration synchronization settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and forticlient_registration_sync category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- endpoint_control_forticlient_registration_sync - Configure FortiClient registration synchronization settings. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- peer_ip - IP address of the peer FortiGate for endpoint license synchronization. type: str
- peer_name - Peer name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiClient registration synchronization settings.
fortios_endpoint_control_forticlient_registration_sync:
vdom: "{{ vdom }}"
state: "present"
endpoint_control_forticlient_registration_sync:
peer_ip: "<your_own_value>"
peer_name: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_profile – Configure FortiClient endpoint control profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- endpoint_control_profile - Configure FortiClient endpoint control profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- description - Description. type: str
- device_groups - Device groups. type: list
- name - Device group object from available options. Source user.device-group.name user.device-category.name. type: str required: True
- forticlient_android_settings - FortiClient settings for Android platform. type: dict
- disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable
- forticlient_advanced_vpn - Enable/disable advanced FortiClient VPN configuration. type: str choices: enable, disable
- forticlient_advanced_vpn_buffer - Advanced FortiClient VPN configuration. type: str
- forticlient_vpn_provisioning - Enable/disable FortiClient VPN provisioning. type: str choices: enable, disable
- forticlient_vpn_settings - FortiClient VPN settings. type: list
- auth_method - Authentication method. type: str choices: psk, certificate
- name - VPN name. type: str required: True
- preshared_key - Pre-shared secret for PSK authentication. type: str
- remote_gw - IP address or FQDN of the remote VPN gateway. type: str
- sslvpn_access_port - SSL VPN access port (1 - 65535). type: int
- sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable
- type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl
- forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
- forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
- forticlient_ios_settings - FortiClient settings for iOS platform. type: dict
- client_vpn_provisioning - FortiClient VPN provisioning. type: str choices: enable, disable
- client_vpn_settings - FortiClient VPN settings. type: list
- auth_method - Authentication method. type: str choices: psk, certificate
- name - VPN name. type: str required: True
- preshared_key - Pre-shared secret for PSK authentication. type: str
- remote_gw - IP address or FQDN of the remote VPN gateway. type: str
- sslvpn_access_port - SSL VPN access port (1 - 65535). type: int
- sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable
- type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl
- vpn_configuration_content - Content of VPN configuration. type: str
- vpn_configuration_name - Name of VPN configuration. type: str
- configuration_content - Content of configuration profile. type: str
- configuration_name - Name of configuration profile. type: str
- disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable
- distribute_configuration_profile - Enable/disable configuration profile (.mobileconfig file) distribution. type: str choices: enable, disable
- forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
- forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
- forticlient_winmac_settings - FortiClient settings for Windows/Mac platform. type: dict
- av_realtime_protection - Enable/disable FortiClient AntiVirus real-time protection. type: str choices: enable, disable
- av_signature_up_to_date - Enable/disable FortiClient AV signature updates. type: str choices: enable, disable
- forticlient_application_firewall - Enable/disable the FortiClient application firewall. type: str choices: enable, disable
- forticlient_application_firewall_list - FortiClient application firewall rule list. Source application.list.name. type: str
- forticlient_av - Enable/disable FortiClient AntiVirus scanning. type: str choices: enable, disable
- forticlient_ems_compliance - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. type: str choices: enable, disable
- forticlient_ems_compliance_action - FortiClient EMS compliance action. type: str choices: block, warning
- forticlient_ems_entries - FortiClient EMS entries. type: list
- name - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. type: str required: True
- forticlient_linux_ver - Minimum FortiClient Linux version. type: str
- forticlient_log_upload - Enable/disable uploading FortiClient logs. type: str choices: enable, disable
- forticlient_log_upload_level - Select the FortiClient logs to upload. type: str choices: traffic, vulnerability, event
- forticlient_log_upload_server - IP address or FQDN of the server to which to upload FortiClient logs. type: str
- forticlient_mac_ver - Minimum FortiClient Mac OS version. type: str
- forticlient_minimum_software_version - Enable/disable requiring clients to run FortiClient with a minimum software version number. type: str choices: enable, disable
- forticlient_operating_system - FortiClient operating system. type: list
- id - Operating system entry ID. type: int required: True
- os_name - Customize operating system name or Mac OS format:x.x.x type: str
- os_type - Operating system type. type: str choices: custom, mac-os, win-7, win-80, win-81, win-10, win-2000, win-home-svr, win-svr-10, win-svr-2003, win-svr-2003-r2, win-svr-2008, win-svr-2008-r2, win-svr-2012, win-svr-2012-r2, win-sto-svr-2003, win-vista, win-xp, ubuntu-linux, centos-linux, redhat-linux, fedora-linux
- forticlient_own_file - Checking the path and filename of the FortiClient application. type: list
- file - File path and name. type: str
- id - File ID. type: int required: True
- forticlient_registration_compliance_action - FortiClient registration compliance action. type: str choices: block, warning
- forticlient_registry_entry - FortiClient registry entry. type: list
- id - Registry entry ID. type: int required: True
- registry_entry - Registry entry. type: str
- forticlient_running_app - Use FortiClient to verify if the listed applications are running on the client. type: list
- app_name - Application name. type: str
- app_sha256_signature - App"s SHA256 signature. type: str
- app_sha256_signature2 - App"s SHA256 Signature. type: str
- app_sha256_signature3 - App"s SHA256 Signature. type: str
- app_sha256_signature4 - App"s SHA256 Signature. type: str
- application_check_rule - Application check rule. type: str choices: present, absent
- id - Application ID. type: int required: True
- process_name - Process name. type: str
- process_name2 - Process name. type: str
- process_name3 - Process name. type: str
- process_name4 - Process name. type: str
- forticlient_security_posture - Enable/disable FortiClient security posture check options. type: str choices: enable, disable
- forticlient_security_posture_compliance_action - FortiClient security posture compliance action. type: str choices: block, warning
- forticlient_system_compliance - Enable/disable enforcement of FortiClient system compliance. type: str choices: enable, disable
- forticlient_system_compliance_action - Block or warn clients not compliant with FortiClient requirements. type: str choices: block, warning
- forticlient_vuln_scan - Enable/disable FortiClient vulnerability scanning. type: str choices: enable, disable
- forticlient_vuln_scan_compliance_action - FortiClient vulnerability compliance action. type: str choices: block, warning
- forticlient_vuln_scan_enforce - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. type: str choices: critical, high, medium, low, info
- forticlient_vuln_scan_enforce_grace - FortiClient vulnerability scan enforcement grace period (0 - 30 days). type: int
- forticlient_vuln_scan_exempt - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. type: str choices: enable, disable
- forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
- forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
- forticlient_win_ver - Minimum FortiClient Windows version. type: str
- os_av_software_installed - Enable/disable checking for OS recognized AntiVirus software. type: str choices: enable, disable
- sandbox_address - FortiSandbox address. type: str
- sandbox_analysis - Enable/disable sending files to FortiSandbox for analysis. type: str choices: enable, disable
- on_net_addr - Addresses for on-net detection. type: list
- name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- profile_name - Profile name. type: str
- replacemsg_override_group - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. type: str
- src_addr - Source addresses. type: list
- name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- user_groups - User groups. type: list
- name - User group name. Source user.group.name. type: str required: True
- users - Users. type: list
- name - User name. Source user.local.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiClient endpoint control profiles.
fortios_endpoint_control_profile:
vdom: "{{ vdom }}"
state: "present"
endpoint_control_profile:
description: "<your_own_value>"
device_groups:
-
name: "default_name_5 (source user.device-group.name user.device-category.name)"
forticlient_android_settings:
disable_wf_when_protected: "enable"
forticlient_advanced_vpn: "enable"
forticlient_advanced_vpn_buffer: "<your_own_value>"
forticlient_vpn_provisioning: "enable"
forticlient_vpn_settings:
-
auth_method: "psk"
name: "default_name_13"
preshared_key: "<your_own_value>"
remote_gw: "<your_own_value>"
sslvpn_access_port: "16"
sslvpn_require_certificate: "enable"
type: "ipsec"
forticlient_wf: "enable"
forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
forticlient_ios_settings:
client_vpn_provisioning: "enable"
client_vpn_settings:
-
auth_method: "psk"
name: "default_name_25"
preshared_key: "<your_own_value>"
remote_gw: "<your_own_value>"
sslvpn_access_port: "28"
sslvpn_require_certificate: "enable"
type: "ipsec"
vpn_configuration_content: "<your_own_value>"
vpn_configuration_name: "<your_own_value>"
configuration_content: "<your_own_value>"
configuration_name: "<your_own_value>"
disable_wf_when_protected: "enable"
distribute_configuration_profile: "enable"
forticlient_wf: "enable"
forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
forticlient_winmac_settings:
av_realtime_protection: "enable"
av_signature_up_to_date: "enable"
forticlient_application_firewall: "enable"
forticlient_application_firewall_list: "<your_own_value> (source application.list.name)"
forticlient_av: "enable"
forticlient_ems_compliance: "enable"
forticlient_ems_compliance_action: "block"
forticlient_ems_entries:
-
name: "default_name_48 (source endpoint-control.forticlient-ems.name)"
forticlient_linux_ver: "<your_own_value>"
forticlient_log_upload: "enable"
forticlient_log_upload_level: "traffic"
forticlient_log_upload_server: "<your_own_value>"
forticlient_mac_ver: "<your_own_value>"
forticlient_minimum_software_version: "enable"
forticlient_operating_system:
-
id: "56"
os_name: "<your_own_value>"
os_type: "custom"
forticlient_own_file:
-
file: "<your_own_value>"
id: "61"
forticlient_registration_compliance_action: "block"
forticlient_registry_entry:
-
id: "64"
registry_entry: "<your_own_value>"
forticlient_running_app:
-
app_name: "<your_own_value>"
app_sha256_signature: "<your_own_value>"
app_sha256_signature2: "<your_own_value>"
app_sha256_signature3: "<your_own_value>"
app_sha256_signature4: "<your_own_value>"
application_check_rule: "present"
id: "73"
process_name: "<your_own_value>"
process_name2: "<your_own_value>"
process_name3: "<your_own_value>"
process_name4: "<your_own_value>"
forticlient_security_posture: "enable"
forticlient_security_posture_compliance_action: "block"
forticlient_system_compliance: "enable"
forticlient_system_compliance_action: "block"
forticlient_vuln_scan: "enable"
forticlient_vuln_scan_compliance_action: "block"
forticlient_vuln_scan_enforce: "critical"
forticlient_vuln_scan_enforce_grace: "85"
forticlient_vuln_scan_exempt: "enable"
forticlient_wf: "enable"
forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
forticlient_win_ver: "<your_own_value>"
os_av_software_installed: "enable"
sandbox_address: "<your_own_value>"
sandbox_analysis: "enable"
on_net_addr:
-
name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)"
profile_name: "<your_own_value>"
replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
src_addr:
-
name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)"
user_groups:
-
name: "default_name_100 (source user.group.name)"
users:
-
name: "default_name_102 (source user.local.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_registered_forticlient – Registered FortiClient list in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and registered_forticlient category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- endpoint_control_registered_forticlient - Registered FortiClient list. type: dict
- flag - FortiClient registration flag. type: int
- ip - Endpoint IP address. type: str
- mac - Endpoint MAC address. type: str
- reg_fortigate - Registering FortiGate SN. type: str
- status - FortiClient registration status. type: int
- uid - FortiClient UID. type: str required: True
- vdom - Registering vdom. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Registered FortiClient list.
fortios_endpoint_control_registered_forticlient:
vdom: "{{ vdom }}"
state: "present"
endpoint_control_registered_forticlient:
flag: "3"
ip: "<your_own_value>"
mac: "<your_own_value>"
reg_fortigate: "<your_own_value>"
status: "7"
uid: "<your_own_value>"
vdom: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_endpoint_control_settings – Configure endpoint control settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- endpoint_control_settings - Configure endpoint control settings. type: dict
- download_custom_link - Customized URL for downloading FortiClient. type: str
- download_location - FortiClient download location (FortiGuard or custom). type: str choices: fortiguard, custom
- forticlient_avdb_update_interval - Period of time between FortiClient AntiVirus database updates (0 - 24 hours). type: int
- forticlient_dereg_unsupported_client - Enable/disable deregistering unsupported FortiClient endpoints. type: str choices: enable, disable
- forticlient_ems_rest_api_call_timeout - FortiClient EMS call timeout in milliseconds (500 - 30000 milliseconds). type: int
- forticlient_keepalive_interval - Interval between two KeepAlive messages from FortiClient (20 - 300 sec). type: int
- forticlient_offline_grace - Enable/disable grace period for offline registered clients. type: str choices: enable, disable
- forticlient_offline_grace_interval - Grace period for offline registered FortiClient (60 - 600 sec). type: int
- forticlient_reg_key - FortiClient registration key. type: str
- forticlient_reg_key_enforce - Enable/disable requiring or enforcing FortiClient registration keys. type: str choices: enable, disable
- forticlient_reg_timeout - FortiClient registration license timeout (days, min = 1, max = 180, 0 means unlimited). type: int
- forticlient_sys_update_interval - Interval between two system update messages from FortiClient (30 - 1440 min). type: int
- forticlient_user_avatar - Enable/disable uploading FortiClient user avatars. type: str choices: enable, disable
- forticlient_warning_interval - Period of time between FortiClient portal warnings (0 - 24 hours). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure endpoint control settings.
fortios_endpoint_control_settings:
vdom: "{{ vdom }}"
endpoint_control_settings:
download_custom_link: "<your_own_value>"
download_location: "fortiguard"
forticlient_avdb_update_interval: "5"
forticlient_dereg_unsupported_client: "enable"
forticlient_ems_rest_api_call_timeout: "7"
forticlient_keepalive_interval: "8"
forticlient_offline_grace: "enable"
forticlient_offline_grace_interval: "10"
forticlient_reg_key: "<your_own_value>"
forticlient_reg_key_enforce: "enable"
forticlient_reg_timeout: "13"
forticlient_sys_update_interval: "14"
forticlient_user_avatar: "enable"
forticlient_warning_interval: "16"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_extender_controller_extender – Extender controller configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify extender_controller feature and extender category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- extender_controller_extender - Extender controller configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- aaa_shared_secret - AAA shared secret. type: str
- access_point_name - Access point name(APN). type: str
- admin - FortiExtender Administration (enable or disable). type: str choices: disable, discovered, enable
- at_dial_script - Initialization AT commands specific to the MODEM. type: str
- billing_start_day - Billing start day. type: int
- cdma_aaa_spi - CDMA AAA SPI. type: str
- cdma_ha_spi - CDMA HA SPI. type: str
- cdma_nai - NAI for CDMA MODEMS. type: str
- conn_status - Connection status. type: int
- description - Description. type: str
- dial_mode - Dial mode (dial-on-demand or always-connect). type: str choices: dial-on-demand, always-connect
- dial_status - Dial status. type: int
- ext_name - FortiExtender name. type: str
- ha_shared_secret - HA shared secret. type: str
- id - FortiExtender serial number. type: str required: True
- ifname - FortiExtender interface name. type: str
- initiated_update - Allow/disallow network initiated updates to the MODEM. type: str choices: enable, disable
- mode - FortiExtender mode. type: str choices: standalone, redundant
- modem_passwd - MODEM password. type: str
- modem_type - MODEM type (CDMA, GSM/LTE or WIMAX). type: str choices: cdma, gsm/lte, wimax
- multi_mode - MODEM mode of operation(3G,LTE,etc). type: str choices: auto, auto-3g, force-lte, force-3g, force-2g
- ppp_auth_protocol - PPP authentication protocol (PAP,CHAP or auto). type: str choices: auto, pap, chap
- ppp_echo_request - Enable/disable PPP echo request. type: str choices: enable, disable
- ppp_password - PPP password. type: str
- ppp_username - PPP username. type: str
- primary_ha - Primary HA. type: str
- quota_limit_mb - Monthly quota limit (MB). type: int
- redial - Number of redials allowed based on failed attempts. type: str choices: none, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
- redundant_intf - Redundant interface. type: str
- roaming - Enable/disable MODEM roaming. type: str choices: enable, disable
- role - FortiExtender work role(Primary, Secondary, None). type: str choices: none, primary, secondary
- secondary_ha - Secondary HA. type: str
- sim_pin - SIM PIN. type: str
- vdom - VDOM type: int
- wimax_auth_protocol - WiMax authentication protocol(TLS or TTLS). type: str choices: tls, ttls
- wimax_carrier - WiMax carrier. type: str
- wimax_realm - WiMax realm. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Extender controller configuration.
fortios_extender_controller_extender:
vdom: "{{ vdom }}"
state: "present"
extender_controller_extender:
aaa_shared_secret: "<your_own_value>"
access_point_name: "<your_own_value>"
admin: "disable"
at_dial_script: "<your_own_value>"
billing_start_day: "7"
cdma_aaa_spi: "<your_own_value>"
cdma_ha_spi: "<your_own_value>"
cdma_nai: "<your_own_value>"
conn_status: "11"
description: "<your_own_value>"
dial_mode: "dial-on-demand"
dial_status: "14"
ext_name: "<your_own_value>"
ha_shared_secret: "<your_own_value>"
id: "17"
ifname: "<your_own_value>"
initiated_update: "enable"
mode: "standalone"
modem_passwd: "<your_own_value>"
modem_type: "cdma"
multi_mode: "auto"
ppp_auth_protocol: "auto"
ppp_echo_request: "enable"
ppp_password: "<your_own_value>"
ppp_username: "<your_own_value>"
primary_ha: "<your_own_value>"
quota_limit_mb: "29"
redial: "none"
redundant_intf: "<your_own_value>"
roaming: "enable"
role: "none"
secondary_ha: "<your_own_value>"
sim_pin: "<your_own_value>"
vdom: "36"
wimax_auth_protocol: "tls"
wimax_carrier: "<your_own_value>"
wimax_realm: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_address – Configure IPv4 addresses in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_address - Configure IPv4 addresses. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- allow_routing - Enable/disable use of this address in the static route configuration. type: str choices: enable, disable
- associated_interface - Network interface associated with address. Source system.interface.name system.zone.name. type: str
- cache_ttl - Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. type: int
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- country - IP addresses associated to a specific country. type: str
- end_ip - Final IP address (inclusive) in the range for the address. type: str
- epg_name - Endpoint group name. type: str
- filter - Match criteria filter. type: str
- fqdn - Fully Qualified Domain Name address. type: str
- list - IP address list. type: list
- ip - IP. type: str required: True
- name - Address name. type: str required: True
- obj_id - Object ID for NSX. type: str
- organization - Organization domain name (Syntax: organization/domain). type: str
- policy_group - Policy group name. type: str
- sdn - SDN. type: str choices: aci, aws, azure, gcp, nsx, nuage, oci, openstack
- sdn_tag - SDN Tag. type: str
- start_ip - First IP address (inclusive) in the range for the address. type: str
- subnet - IP address and subnet mask of address. type: str
- subnet_name - Subnet name. type: str
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- tenant - Tenant. type: str
- type - Type of address. type: str choices: ipmask, iprange, fqdn, geography, wildcard, wildcard-fqdn, dynamic
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: enable, disable
- wildcard - IP address and wildcard netmask. type: str
- wildcard_fqdn - Fully Qualified Domain Name with wildcard characters. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 addresses.
fortios_firewall_address:
vdom: "{{ vdom }}"
state: "present"
firewall_address:
allow_routing: "enable"
associated_interface: "<your_own_value> (source system.interface.name system.zone.name)"
cache_ttl: "5"
color: "6"
comment: "Comment."
country: "<your_own_value>"
end_ip: "<your_own_value>"
epg_name: "<your_own_value>"
filter: "<your_own_value>"
fqdn: "<your_own_value>"
list:
-
ip: "<your_own_value>"
name: "default_name_15"
obj_id: "<your_own_value>"
organization: "<your_own_value>"
policy_group: "<your_own_value>"
sdn: "aci"
sdn_tag: "<your_own_value>"
start_ip: "<your_own_value>"
subnet: "<your_own_value>"
subnet_name: "<your_own_value>"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_26"
tags:
-
name: "default_name_28 (source system.object-tagging.tags.name)"
tenant: "<your_own_value>"
type: "ipmask"
uuid: "<your_own_value>"
visibility: "enable"
wildcard: "<your_own_value>"
wildcard_fqdn: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_address6 – Configure IPv6 firewall addresses in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_address6 - Configure IPv6 firewall addresses. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- cache_ttl - Minimal TTL of individual IPv6 addresses in FQDN cache. type: int
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int
- comment - Comment. type: str
- end_ip - Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- fqdn - Fully qualified domain name. type: str
- host - Host Address. type: str
- host_type - Host type. type: str choices: any, specific
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- list - IP address list. type: list
- ip - IP. type: str required: True
- name - Address name. type: str required: True
- obj_id - Object ID for NSX. type: str
- sdn - SDN. type: str choices: nsx
- start_ip - First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- subnet_segment - IPv6 subnet segments. type: list
- name - Name. type: str required: True
- type - Subnet segment type. type: str choices: any, specific
- value - Subnet segment value. type: str
- tagging - Config object tagging type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- template - IPv6 address template. Source firewall.address6-template.name. type: str
- type - Type of IPv6 address object . type: str choices: ipprefix, iprange, fqdn, dynamic, template
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable the visibility of the object in the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 firewall addresses.
fortios_firewall_address6:
vdom: "{{ vdom }}"
state: "present"
firewall_address6:
cache_ttl: "3"
color: "4"
comment: "Comment."
end_ip: "<your_own_value>"
fqdn: "<your_own_value>"
host: "<your_own_value>"
host_type: "any"
ip6: "<your_own_value>"
list:
-
ip: "<your_own_value>"
name: "default_name_13"
obj_id: "<your_own_value>"
sdn: "nsx"
start_ip: "<your_own_value>"
subnet_segment:
-
name: "default_name_18"
type: "any"
value: "<your_own_value>"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_23"
tags:
-
name: "default_name_25 (source system.object-tagging.tags.name)"
template: "<your_own_value> (source firewall.address6-template.name)"
type: "ipprefix"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_address6_template – Configure IPv6 address templates in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and address6_template category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_address6_template - Configure IPv6 address templates. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ip6 - IPv6 address prefix. type: str
- name - IPv6 address template name. type: str required: True
- subnet_segment - IPv6 subnet segments. type: list
- bits - Number of bits. type: int
- exclusive - Enable/disable exclusive value. type: str choices: enable, disable
- id - Subnet segment ID. type: int required: True
- name - Subnet segment name. type: str
- values - Subnet segment values. type: list
- name - Subnet segment value name. type: str required: True
- value - Subnet segment value. type: str
- subnet_segment_count - Number of IPv6 subnet segments. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 address templates.
fortios_firewall_address6_template:
vdom: "{{ vdom }}"
state: "present"
firewall_address6_template:
ip6: "<your_own_value>"
name: "default_name_4"
subnet_segment:
-
bits: "6"
exclusive: "enable"
id: "8"
name: "default_name_9"
values:
-
name: "default_name_11"
value: "<your_own_value>"
subnet_segment_count: "13"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_addrgrp – Configure IPv4 address groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and addrgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_addrgrp - Configure IPv4 address groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- allow_routing - Enable/disable use of this group in the static route configuration. type: str choices: enable, disable
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- member - Address objects contained within the group. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- name - Address group name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility in the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 address groups.
fortios_firewall_addrgrp:
vdom: "{{ vdom }}"
state: "present"
firewall_addrgrp:
allow_routing: "enable"
color: "4"
comment: "Comment."
member:
-
name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)"
name: "default_name_8"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_11"
tags:
-
name: "default_name_13 (source system.object-tagging.tags.name)"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_addrgrp6 – Configure IPv6 address groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and addrgrp6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_addrgrp6 - Configure IPv6 address groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int
- comment - Comment. type: str
- member - Address objects contained within the group. type: list
- name - Address6/addrgrp6 name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- name - IPv6 address group name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address group6 visibility in the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 address groups.
fortios_firewall_addrgrp6:
vdom: "{{ vdom }}"
state: "present"
firewall_addrgrp6:
color: "3"
comment: "Comment."
member:
-
name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)"
name: "default_name_7"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_10"
tags:
-
name: "default_name_12 (source system.object-tagging.tags.name)"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_auth_portal – Configure firewall authentication portals in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and auth_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- firewall_auth_portal - Configure firewall authentication portals. type: dict
- groups - Firewall user groups permitted to authenticate through this portal. Separate group names with spaces. type: list
- name - Group name. Source user.group.name. type: str required: True
- identity_based_route - Name of the identity-based route that applies to this portal. Source firewall.identity-based-route.name. type: str
- portal_addr - Address (or FQDN) of the authentication portal. type: str
- portal_addr6 - IPv6 address (or FQDN) of authentication portal. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure firewall authentication portals.
fortios_firewall_auth_portal:
vdom: "{{ vdom }}"
firewall_auth_portal:
groups:
-
name: "default_name_4 (source user.group.name)"
identity_based_route: "<your_own_value> (source firewall.identity-based-route.name)"
portal_addr: "<your_own_value>"
portal_addr6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_central_snat_map – Configure central SNAT policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and central_snat_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_central_snat_map - Configure central SNAT policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comment. type: str
- dst_addr - Destination address name from available addresses. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- dstintf - Destination interface name from available interfaces. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- nat - Enable/disable source NAT. type: str choices: disable, enable
- nat_ippool - Name of the IP pools to be used to translate addresses from available IP Pools. type: list
- name - IP pool name. Source firewall.ippool.name. type: str required: True
- nat_port - Translated port or port range (0 to 65535). type: str
- orig_addr - Original address. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- orig_port - Original TCP port (0 to 65535). type: str
- policyid - Policy ID. type: int required: True
- protocol - Integer value for the protocol type (0 - 255). type: int
- srcintf - Source interface name from available interfaces. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- status - Enable/disable the active status of this policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure central SNAT policies.
fortios_firewall_central_snat_map:
vdom: "{{ vdom }}"
state: "present"
firewall_central_snat_map:
comments: "<your_own_value>"
dst_addr:
-
name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)"
dstintf:
-
name: "default_name_7 (source system.interface.name system.zone.name)"
nat: "disable"
nat_ippool:
-
name: "default_name_10 (source firewall.ippool.name)"
nat_port: "<your_own_value>"
orig_addr:
-
name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
orig_port: "<your_own_value>"
policyid: "15"
protocol: "16"
srcintf:
-
name: "default_name_18 (source system.interface.name system.zone.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_dnstranslation – Configure DNS translation in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dnstranslation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_dnstranslation - Configure DNS translation. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- dst - IPv4 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src. type: str
- id - ID. type: int required: True
- netmask - If src and dst are subnets rather than single IP addresses, enter the netmask for both src and dst. type: str
- src - IPv4 address or subnet on the internal network to compare with the resolved address in DNS query replies. If the resolved address matches, the resolved address is substituted with dst. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS translation.
fortios_firewall_dnstranslation:
vdom: "{{ vdom }}"
state: "present"
firewall_dnstranslation:
dst: "<your_own_value>"
id: "4"
netmask: "<your_own_value>"
src: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_dos_policy – Configure IPv4 DoS policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dos_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- firewall_dos_policy - Configure IPv4 DoS policies. type: dict
- anomaly - Anomaly name. type: list
- action - Action taken when the threshold is reached. type: str choices: pass, block
- log - Enable/disable anomaly logging. type: str choices: enable, disable
- name - Anomaly name. type: str required: True
- quarantine - Quarantine method. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine. (Format type: str
- quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable
- status - Enable/disable this anomaly. type: str choices: disable, enable
- threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int
- threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int
- comments - Comment. type: str
- dstaddr - Destination address name from available addresses. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- interface - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. type: str
- policyid - Policy ID. type: int required: True
- service - Service object from available options. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address name from available addresses. type: list
- name - Service name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- status - Enable/disable this policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 DoS policies.
fortios_firewall_dos_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_dos_policy:
anomaly:
-
action: "pass"
log: "enable"
name: "default_name_6"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
status: "disable"
threshold: "11"
threshold(default): "12"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)"
interface: "<your_own_value> (source system.zone.name system.interface.name)"
policyid: "17"
service:
-
name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_21 (source firewall.address.name firewall.addrgrp.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_dos_policy6 – Configure IPv6 DoS policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and dos_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- firewall_dos_policy6 - Configure IPv6 DoS policies. type: dict
- anomaly - Anomaly name. type: list
- action - Action taken when the threshold is reached. type: str choices: pass, block
- log - Enable/disable anomaly logging. type: str choices: enable, disable
- name - Anomaly name. type: str required: True
- quarantine - Quarantine method. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine. (Format type: str
- quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable
- status - Enable/disable this anomaly. type: str choices: disable, enable
- threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int
- threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int
- comments - Comment. type: str
- dstaddr - Destination address name from available addresses. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- interface - Incoming interface name from available interfaces. Source system.zone.name system.interface.name. type: str
- policyid - Policy ID. type: int required: True
- service - Service object from available options. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address name from available addresses. type: list
- name - Service name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- status - Enable/disable this policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 DoS policies.
fortios_firewall_dos_policy6:
vdom: "{{ vdom }}"
state: "present"
firewall_dos_policy6:
anomaly:
-
action: "pass"
log: "enable"
name: "default_name_6"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
status: "disable"
threshold: "11"
threshold(default): "12"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_15 (source firewall.address6.name firewall.addrgrp6.name)"
interface: "<your_own_value> (source system.zone.name system.interface.name)"
policyid: "17"
service:
-
name: "default_name_19 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_21 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_identity_based_route – Configure identity based routing in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and identity_based_route category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_identity_based_route - Configure identity based routing. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comments. type: str
- name - Name. type: str required: True
- rule - Rule. type: list
- device - Outgoing interface for the rule. Source system.interface.name. type: str
- gateway - IPv4 address of the gateway (Format: xxx.xxx.xxx.xxx ). type: str
- groups - Select one or more group(s) from available groups that are allowed to use this route. Separate group names with a space. type: list
- name - Group name. Source user.group.name. type: str required: True
- id - Rule ID. type: int required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure identity based routing.
fortios_firewall_identity_based_route:
vdom: "{{ vdom }}"
state: "present"
firewall_identity_based_route:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
device: "<your_own_value> (source system.interface.name)"
gateway: "<your_own_value>"
groups:
-
name: "default_name_9 (source user.group.name)"
id: "10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_interface_policy – Configure IPv4 interface policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and interface_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_interface_policy - Configure IPv4 interface policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- address_type - Policy address type (IPv4 or IPv6). type: str choices: ipv4, ipv6
- application_list - Application list name. Source application.list.name. type: str
- application_list_status - Enable/disable application control. type: str choices: enable, disable
- av_profile - Antivirus profile. Source antivirus.profile.name. type: str
- av_profile_status - Enable/disable antivirus. type: str choices: enable, disable
- comments - Comments. type: str
- dlp_sensor - DLP sensor name. Source dlp.sensor.name. type: str
- dlp_sensor_status - Enable/disable DLP. type: str choices: enable, disable
- dsri - Enable/disable DSRI. type: str choices: enable, disable
- dstaddr - Address object to limit traffic monitoring to network traffic sent to the specified address or range. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- interface - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. type: str
- ips_sensor - IPS sensor name. Source ips.sensor.name. type: str
- ips_sensor_status - Enable/disable IPS. type: str choices: enable, disable
- label - Label. type: str
- logtraffic - Logging type to be used in this policy (Options: all | utm | disable). type: str choices: all, utm, disable
- policyid - Policy ID. type: int required: True
- scan_botnet_connections - Enable/disable scanning for connections to Botnet servers. type: str choices: disable, block, monitor
- service - Service object from available options. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- spamfilter_profile - Antispam profile. Source spamfilter.profile.name. type: str
- spamfilter_profile_status - Enable/disable antispam. type: str choices: enable, disable
- srcaddr - Address object to limit traffic monitoring to network traffic sent from the specified address or range. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- status - Enable/disable this policy. type: str choices: enable, disable
- webfilter_profile - Web filter profile. Source webfilter.profile.name. type: str
- webfilter_profile_status - Enable/disable web filtering. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 interface policies.
fortios_firewall_interface_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_interface_policy:
address_type: "ipv4"
application_list: "<your_own_value> (source application.list.name)"
application_list_status: "enable"
av_profile: "<your_own_value> (source antivirus.profile.name)"
av_profile_status: "enable"
comments: "<your_own_value>"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dlp_sensor_status: "enable"
dsri: "enable"
dstaddr:
-
name: "default_name_13 (source firewall.address.name firewall.addrgrp.name)"
interface: "<your_own_value> (source system.zone.name system.interface.name)"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
ips_sensor_status: "enable"
label: "<your_own_value>"
logtraffic: "all"
policyid: "19"
scan_botnet_connections: "disable"
service:
-
name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
spamfilter_profile_status: "enable"
srcaddr:
-
name: "default_name_26 (source firewall.address.name firewall.addrgrp.name)"
status: "enable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
webfilter_profile_status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_interface_policy6 – Configure IPv6 interface policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and interface_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_interface_policy6 - Configure IPv6 interface policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- address_type - Policy address type (IPv4 or IPv6). type: str choices: ipv4, ipv6
- application_list - Application list name. Source application.list.name. type: str
- application_list_status - Enable/disable application control. type: str choices: enable, disable
- av_profile - Antivirus profile. Source antivirus.profile.name. type: str
- av_profile_status - Enable/disable antivirus. type: str choices: enable, disable
- comments - Comments. type: str
- dlp_sensor - DLP sensor name. Source dlp.sensor.name. type: str
- dlp_sensor_status - Enable/disable DLP. type: str choices: enable, disable
- dsri - Enable/disable DSRI. type: str choices: enable, disable
- dstaddr6 - IPv6 address object to limit traffic monitoring to network traffic sent to the specified address or range. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- interface - Monitored interface name from available interfaces. Source system.zone.name system.interface.name. type: str
- ips_sensor - IPS sensor name. Source ips.sensor.name. type: str
- ips_sensor_status - Enable/disable IPS. type: str choices: enable, disable
- label - Label. type: str
- logtraffic - Logging type to be used in this policy (Options: all | utm | disable). type: str choices: all, utm, disable
- policyid - Policy ID. type: int required: True
- scan_botnet_connections - Enable/disable scanning for connections to Botnet servers. type: str choices: disable, block, monitor
- service6 - Service name. type: list
- name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- spamfilter_profile - Antispam profile. Source spamfilter.profile.name. type: str
- spamfilter_profile_status - Enable/disable antispam. type: str choices: enable, disable
- srcaddr6 - IPv6 address object to limit traffic monitoring to network traffic sent from the specified address or range. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- status - Enable/disable this policy. type: str choices: enable, disable
- webfilter_profile - Web filter profile. Source webfilter.profile.name. type: str
- webfilter_profile_status - Enable/disable web filtering. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 interface policies.
fortios_firewall_interface_policy6:
vdom: "{{ vdom }}"
state: "present"
firewall_interface_policy6:
address_type: "ipv4"
application_list: "<your_own_value> (source application.list.name)"
application_list_status: "enable"
av_profile: "<your_own_value> (source antivirus.profile.name)"
av_profile_status: "enable"
comments: "<your_own_value>"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dlp_sensor_status: "enable"
dsri: "enable"
dstaddr6:
-
name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)"
interface: "<your_own_value> (source system.zone.name system.interface.name)"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
ips_sensor_status: "enable"
label: "<your_own_value>"
logtraffic: "all"
policyid: "19"
scan_botnet_connections: "disable"
service6:
-
name: "default_name_22 (source firewall.service.custom.name firewall.service.group.name)"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
spamfilter_profile_status: "enable"
srcaddr6:
-
name: "default_name_26 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
webfilter_profile_status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_internet_service – Show Internet Service application in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_internet_service - Show Internet Service application. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- database - Database name this Internet Service belongs to. type: str choices: isdb, irdb
- direction - How this service may be used in a firewall policy (source, destination or both). type: str choices: src, dst, both
- entry - Entries in the Internet Service database. type: list
- id - Entry ID. type: int required: True
- ip_number - Total number of IP addresses. type: int
- ip_range_number - Total number of IP ranges. type: int
- port - Integer value for the TCP/IP port (0 - 65535). type: int
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int
- icon_id - Icon ID of Internet Service. type: int
- id - Internet Service ID. type: int required: True
- name - Internet Service name. type: str
- offset - Offset of Internet Service ID. type: int
- reputation - Reputation level of the Internet Service. type: int
- sld_id - Second Level Domain. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Show Internet Service application.
fortios_firewall_internet_service:
vdom: "{{ vdom }}"
state: "present"
firewall_internet_service:
database: "isdb"
direction: "src"
entry:
-
id: "6"
ip_number: "7"
ip_range_number: "8"
port: "9"
protocol: "10"
icon_id: "11"
id: "12"
name: "default_name_13"
offset: "14"
reputation: "15"
sld_id: "16"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_internet_service_custom – Configure custom Internet Services in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_internet_service_custom - Configure custom Internet Services. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- disable_entry - Disable entries in the Internet Service database. type: list
- id - Disable entry ID. type: int required: True
- ip_range - IP ranges in the disable entry. type: list
- end_ip - End IP address. type: str
- id - Disable entry range ID. type: int required: True
- start_ip - Start IP address. type: str
- port - Integer value for the TCP/IP port (0 - 65535). type: int
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int
- entry - Entries added to the Internet Service database and custom database. type: list
- dst - Destination address or address group name. type: list
- name - Select the destination address or address group object from available options. Source firewall.address.name firewall .addrgrp.name. type: str required: True
- id - Entry ID(1-255). type: int required: True
- port_range - Port ranges in the custom entry. type: list
- end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 to 65535). type: int
- id - Custom entry port range ID. type: int required: True
- start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 to 65535). type: int
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int
- master_service_id - Internet Service ID in the Internet Service database. Source firewall.internet-service.id. type: int
- name - Internet Service name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom Internet Services.
fortios_firewall_internet_service_custom:
vdom: "{{ vdom }}"
state: "present"
firewall_internet_service_custom:
comment: "Comment."
disable_entry:
-
id: "5"
ip_range:
-
end_ip: "<your_own_value>"
id: "8"
start_ip: "<your_own_value>"
port: "10"
protocol: "11"
entry:
-
dst:
-
name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
id: "15"
port_range:
-
end_port: "17"
id: "18"
start_port: "19"
protocol: "20"
master_service_id: "21 (source firewall.internet-service.id)"
name: "default_name_22"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_internet_service_custom_group – Configure custom Internet Service group in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_custom_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- firewall_internet_service_custom_group - Configure custom Internet Service group. type: dict
- comment - Comment. type: str
- member - Custom Internet Service group members. type: list
- name - Group member name. Source firewall.internet-service-custom.name. type: str required: True
- name - Custom Internet Service group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom Internet Service group.
fortios_firewall_internet_service_custom_group:
vdom: "{{ vdom }}"
state: "present"
firewall_internet_service_custom_group:
comment: "Comment."
member:
-
name: "default_name_5 (source firewall.internet-service-custom.name)"
name: "default_name_6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_internet_service_group – Configure group of Internet Service in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and internet_service_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_internet_service_group - Configure group of Internet Service. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- member - Internet Service group member. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- name - Internet Service group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure group of Internet Service.
fortios_firewall_internet_service_group:
vdom: "{{ vdom }}"
state: "present"
firewall_internet_service_group:
comment: "Comment."
member:
-
id: "5 (source firewall.internet-service.id)"
name: "default_name_6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ip_translation – Configure firewall IP-translation in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ip_translation category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ip_translation - Configure firewall IP-translation. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- endip - Final IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx). type: str
- map_startip - Address to be used as the starting point for translation in the range (format xxx.xxx.xxx.xxx). type: str
- startip - First IPv4 address (inclusive) in the range of the addresses to be translated (format xxx.xxx.xxx.xxx). type: str
- transid - IP translation ID. type: int required: True
- type - IP translation type (option: SCTP). type: str choices: SCTP
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure firewall IP-translation.
fortios_firewall_ip_translation:
vdom: "{{ vdom }}"
state: "present"
firewall_ip_translation:
endip: "<your_own_value>"
map_startip: "<your_own_value>"
startip: "<your_own_value>"
transid: "6"
type: "SCTP"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ipmacbinding_setting – Configure IP to MAC binding settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ipmacbinding feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- firewall_ipmacbinding_setting - Configure IP to MAC binding settings. type: dict
- bindthroughfw - Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall. type: str choices: enable, disable
- bindtofw - Enable/disable use of IP/MAC binding to filter packets that would normally go to the firewall. type: str choices: enable, disable
- undefinedhost - Select action to take on packets with IP/MAC addresses not in the binding list . type: str choices: allow, block
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IP to MAC binding settings.
fortios_firewall_ipmacbinding_setting:
vdom: "{{ vdom }}"
firewall_ipmacbinding_setting:
bindthroughfw: "enable"
bindtofw: "enable"
undefinedhost: "allow"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ipmacbinding_table – Configure IP to MAC address pairs in the IP/MAC binding table in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ipmacbinding feature and table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ipmacbinding_table - Configure IP to MAC address pairs in the IP/MAC binding table. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ip - IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx). type: str
- mac - MAC address portion of the pair (format: xx:xx:xx:xx:xx:xx in hexidecimal). type: str
- name - Name of the pair (optional). type: str
- seq_num - Entry number. type: int
- status - Enable/disable this IP-mac binding pair. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IP to MAC address pairs in the IP/MAC binding table.
fortios_firewall_ipmacbinding_table:
vdom: "{{ vdom }}"
state: "present"
firewall_ipmacbinding_table:
ip: "<your_own_value>"
mac: "<your_own_value>"
name: "default_name_5"
seq_num: "6"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ippool – Configure IPv4 IP pools in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ippool category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ippool - Configure IPv4 IP pools. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- arp_intf - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). Source system.interface.name. type: str
- arp_reply - Enable/disable replying to ARP requests when an IP Pool is added to a policy . type: str choices: disable, enable
- associated_interface - Associated interface name. Source system.interface.name. type: str
- block_size - Number of addresses in a block (64 to 4096). type: int
- comments - Comment. type: str
- endip - Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx). type: str
- name - IP pool name. type: str required: True
- num_blocks_per_user - Number of addresses blocks that can be used by a user (1 to 128). type: int
- pba_timeout - Port block allocation timeout (seconds). type: int
- permit_any_host - Enable/disable full cone NAT. type: str choices: disable, enable
- source_endip - Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx). type: str
- source_startip - First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx). type: str
- startip - First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx). type: str
- type - IP pool type (overload, one-to-one, fixed port range, or port block allocation). type: str choices: overload, one-to-one, fixed-port-range, port-block-allocation
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 IP pools.
fortios_firewall_ippool:
vdom: "{{ vdom }}"
state: "present"
firewall_ippool:
arp_intf: "<your_own_value> (source system.interface.name)"
arp_reply: "disable"
associated_interface: "<your_own_value> (source system.interface.name)"
block_size: "6"
comments: "<your_own_value>"
endip: "<your_own_value>"
name: "default_name_9"
num_blocks_per_user: "10"
pba_timeout: "11"
permit_any_host: "disable"
source_endip: "<your_own_value>"
source_startip: "<your_own_value>"
startip: "<your_own_value>"
type: "overload"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ippool6 – Configure IPv6 IP pools in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ippool6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ippool6 - Configure IPv6 IP pools. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comment. type: str
- endip - Final IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- name - IPv6 IP pool name. type: str required: True
- startip - First IPv6 address (inclusive) in the range for the address pool (format xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 IP pools.
fortios_firewall_ippool6:
vdom: "{{ vdom }}"
state: "present"
firewall_ippool6:
comments: "<your_own_value>"
endip: "<your_own_value>"
name: "default_name_5"
startip: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ipv6_eh_filter – Configure IPv6 extension header filter in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ipv6_eh_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- firewall_ipv6_eh_filter - Configure IPv6 extension header filter. type: dict
- auth - Enable/disable blocking packets with the Authentication header . type: str choices: enable, disable
- dest_opt - Enable/disable blocking packets with Destination Options headers . type: str choices: enable, disable
- fragment - Enable/disable blocking packets with the Fragment header . type: str choices: enable, disable
- hdopt_type - Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255). type: int
- hop_opt - Enable/disable blocking packets with the Hop-by-Hop Options header . type: str choices: enable, disable
- no_next - Enable/disable blocking packets with the No Next header type: str choices: enable, disable
- routing - Enable/disable blocking packets with Routing headers . type: str choices: enable, disable
- routing_type - Block specific Routing header types (max. 7 types, each between 0 and 255). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 extension header filter.
fortios_firewall_ipv6_eh_filter:
vdom: "{{ vdom }}"
firewall_ipv6_eh_filter:
auth: "enable"
dest_opt: "enable"
fragment: "enable"
hdopt_type: "6"
hop_opt: "enable"
no_next: "enable"
routing: "enable"
routing_type: "10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ldb_monitor – Configure server load balancing health monitors in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ldb_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ldb_monitor - Configure server load balancing health monitors. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- http_get - URL used to send a GET request to check the health of an HTTP server. type: str
- http_match - String to match the value expected in response to an HTTP-GET request. type: str
- http_max_redirects - The maximum number of HTTP redirects to be allowed (0 - 5). type: int
- interval - Time between health checks (5 - 65635 sec). type: int
- name - Monitor name. type: str required: True
- port - Service port used to perform the health check. If 0, health check monitor inherits port configured for the server (0 - 65635). type: int
- retry - Number health check attempts before the server is considered down (1 - 255). type: int
- timeout - Time to wait to receive response to a health check from a server. Reaching the timeout means the health check failed (1 - 255 sec). type: int
- type - Select the Monitor type used by the health check monitor to check the health of the server (PING | TCP | HTTP). type: str choices: ping, tcp, http, passive-sip
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure server load balancing health monitors.
fortios_firewall_ldb_monitor:
vdom: "{{ vdom }}"
state: "present"
firewall_ldb_monitor:
http_get: "<your_own_value>"
http_match: "<your_own_value>"
http_max_redirects: "5"
interval: "6"
name: "default_name_7"
port: "8"
retry: "9"
timeout: "10"
type: "ping"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_local_in_policy – Configure user defined IPv4 local-in policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and local_in_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_local_in_policy - Configure user defined IPv4 local-in policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Action performed on traffic matching the policy . type: str choices: accept, deny
- comments - Comment. type: str
- dstaddr - Destination address object from available options. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- ha_mgmt_intf_only - Enable/disable dedicating the HA management interface only for local-in policy. type: str choices: enable, disable
- intf - Incoming interface name from available options. Source system.zone.name system.interface.name. type: str
- policyid - User defined local in policy ID. type: int required: True
- schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str
- service - Service object from available options. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address object from available options. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- status - Enable/disable this local-in policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user defined IPv4 local-in policies.
fortios_firewall_local_in_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_local_in_policy:
action: "accept"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_6 (source firewall.address.name firewall.addrgrp.name)"
ha_mgmt_intf_only: "enable"
intf: "<your_own_value> (source system.zone.name system.interface.name)"
policyid: "9"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_local_in_policy6 – Configure user defined IPv6 local-in policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and local_in_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_local_in_policy6 - Configure user defined IPv6 local-in policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Action performed on traffic matching the policy . type: str choices: accept, deny
- comments - Comment. type: str
- dstaddr - Destination address object from available options. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- intf - Incoming interface name from available options. Source system.zone.name system.interface.name. type: str
- policyid - User defined local in policy ID. type: int required: True
- schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str
- service - Service object from available options. Separate names with a space. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address object from available options. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- status - Enable/disable this local-in policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user defined IPv6 local-in policies.
fortios_firewall_local_in_policy6:
vdom: "{{ vdom }}"
state: "present"
firewall_local_in_policy6:
action: "accept"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_6 (source firewall.address6.name firewall.addrgrp6.name)"
intf: "<your_own_value> (source system.zone.name system.interface.name)"
policyid: "8"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_11 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_multicast_address – Configure multicast addresses in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_multicast_address - Configure multicast addresses. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- associated_interface - Interface associated with the address object. When setting up a policy, only addresses associated with this interface are available. Source system.interface.name. type: str
- color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int
- comment - Comment. type: str
- end_ip - Final IPv4 address (inclusive) in the range for the address. type: str
- name - Multicast address name. type: str required: True
- start_ip - First IPv4 address (inclusive) in the range for the address. type: str
- subnet - Broadcast address and subnet. type: str
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- type - Type of address object: multicast IP address range or broadcast IP/mask to be treated as a multicast address. type: str choices: multicastrange, broadcastmask
- visibility - Enable/disable visibility of the multicast address on the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure multicast addresses.
fortios_firewall_multicast_address:
vdom: "{{ vdom }}"
state: "present"
firewall_multicast_address:
associated_interface: "<your_own_value> (source system.interface.name)"
color: "4"
comment: "Comment."
end_ip: "<your_own_value>"
name: "default_name_7"
start_ip: "<your_own_value>"
subnet: "<your_own_value>"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_12"
tags:
-
name: "default_name_14 (source system.object-tagging.tags.name)"
type: "multicastrange"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_multicast_address6 – Configure IPv6 multicast address in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_address6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_multicast_address6 - Configure IPv6 multicast address. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- ip6 - IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx). type: str
- name - IPv6 multicast address name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- visibility - Enable/disable visibility of the IPv6 multicast address on the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 multicast address.
fortios_firewall_multicast_address6:
vdom: "{{ vdom }}"
state: "present"
firewall_multicast_address6:
color: "3"
comment: "Comment."
ip6: "<your_own_value>"
name: "default_name_6"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_9"
tags:
-
name: "default_name_11 (source system.object-tagging.tags.name)"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_multicast_policy – Configure multicast NAT policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_multicast_policy - Configure multicast NAT policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Accept or deny traffic matching the policy. type: str choices: accept, deny
- dnat - IPv4 DNAT address used for multicast destination addresses. type: str
- dstaddr - Destination address objects. type: list
- name - Destination address objects. Source firewall.multicast-address.name. type: str required: True
- dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str
- end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). type: int
- id - Policy ID. type: int required: True
- logtraffic - Enable/disable logging traffic accepted by this policy. type: str choices: enable, disable
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int
- snat - Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). type: str choices: enable, disable
- snat_ip - IPv4 address to be used as the source address for NATed traffic. type: str
- srcaddr - Source address objects. type: list
- name - Source address objects. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- srcintf - Source interface name. Source system.interface.name system.zone.name. type: str
- start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). type: int
- status - Enable/disable this policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure multicast NAT policies.
fortios_firewall_multicast_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_multicast_policy:
action: "accept"
dnat: "<your_own_value>"
dstaddr:
-
name: "default_name_6 (source firewall.multicast-address.name)"
dstintf: "<your_own_value> (source system.interface.name system.zone.name)"
end_port: "8"
id: "9"
logtraffic: "enable"
protocol: "11"
snat: "enable"
snat_ip: "<your_own_value>"
srcaddr:
-
name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)"
srcintf: "<your_own_value> (source system.interface.name system.zone.name)"
start_port: "17"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_multicast_policy6 – Configure IPv6 multicast NAT policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and multicast_policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_multicast_policy6 - Configure IPv6 multicast NAT policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Accept or deny traffic matching the policy. type: str choices: accept, deny
- dstaddr - IPv6 destination address name. type: list
- name - Address name. Source firewall.multicast-address6.name. type: str required: True
- dstintf - IPv6 destination interface name. Source system.interface.name system.zone.name. type: str
- end_port - Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535). type: int
- id - Policy ID. type: int required: True
- logtraffic - Enable/disable logging traffic accepted by this policy. type: str choices: enable, disable
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: int
- srcaddr - IPv6 source address name. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- srcintf - IPv6 source interface name. Source system.interface.name system.zone.name. type: str
- start_port - Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535). type: int
- status - Enable/disable this policy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 multicast NAT policies.
fortios_firewall_multicast_policy6:
vdom: "{{ vdom }}"
state: "present"
firewall_multicast_policy6:
action: "accept"
dstaddr:
-
name: "default_name_5 (source firewall.multicast-address6.name)"
dstintf: "<your_own_value> (source system.interface.name system.zone.name)"
end_port: "7"
id: "8"
logtraffic: "enable"
protocol: "10"
srcaddr:
-
name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)"
srcintf: "<your_own_value> (source system.interface.name system.zone.name)"
start_port: "14"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_policy – Configure IPv4 policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_policy - Configure IPv4 policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Policy action (allow/deny/ipsec). type: str choices: accept, deny, ipsec
- app_category - Application category ID list. type: list
- id - Category IDs. type: int required: True
- app_group - Application group names. type: list
- name - Application group names. Source application.group.name. type: str required: True
- application - Application ID list. type: list
- id - Application IDs. type: int required: True
- application_list - Name of an existing Application list. Source application.list.name. type: str
- auth_cert - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. type: str
- auth_path - Enable/disable authentication-based routing. type: str choices: enable, disable
- auth_redirect_addr - HTTP-to-HTTPS redirect address for firewall authentication. type: str
- av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str
- block_notification - Enable/disable block notification. type: str choices: enable, disable
- captive_portal_exempt - Enable to exempt some users from the captive portal. type: str choices: enable, disable
- capture_packet - Enable/disable capture packets. type: str choices: enable, disable
- comments - Comment. type: str
- custom_log_fields - Custom fields to append to log messages for this policy. type: list
- field_id - Custom log field. Source log.custom-field.id. type: str
- delay_tcp_npu_session - Enable TCP NPU session delay to guarantee packet order of 3-way handshake. type: str choices: enable, disable
- devices - Names of devices or device groups that can be matched by the policy. type: list
- name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: True
- diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable
- diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable
- diffservcode_forward - Change packet"s DiffServ to this value. type: str
- diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str
- disclaimer - Enable/disable user authentication disclaimer. type: str choices: enable, disable
- dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str
- dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str
- dscp_match - Enable DSCP check. type: str choices: enable, disable
- dscp_negate - Enable negated DSCP match. type: str choices: enable, disable
- dscp_value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str choices: enable, disable
- dstaddr - Destination address and address group names. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name. type: str required: True
- dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable
- dstintf - Outgoing (egress) interface. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- firewall_session_dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: check-all, check-new
- fixedport - Enable to prevent source NAT from changing a session"s source port. type: str choices: enable, disable
- fsso - Enable/disable Fortinet Single Sign-On. type: str choices: enable, disable
- fsso_agent_for_ntlm - FSSO agent to use for NTLM authentication. Source user.fsso.name. type: str
- global_label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: list
- name - Group name. Source user.group.name. type: str required: True
- icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str
- identity_based_route - Name of identity-based routing rule. Source firewall.identity-based-route.name. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: enable, disable
- internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable
- internet_service_custom - Custom Internet Service name. type: list
- name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_id - Internet Service ID. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- internet_service_negate - When enabled internet-service specifies what the service must NOT be. type: str choices: enable, disable
- internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable
- internet_service_src_custom - Custom Internet Service source name. type: list
- name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_src_id - Internet Service source ID. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- internet_service_src_negate - When enabled internet-service-src specifies what the service must NOT be. type: str choices: enable, disable
- ippool - Enable to use IP Pools for source NAT. type: str choices: enable, disable
- ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- learning_mode - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. type: str choices: enable, disable
- logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable
- logtraffic_start - Record logs when a session starts and ends. type: str choices: enable, disable
- match_vip - Enable to match packets that have had their destination addresses changed by a VIP. type: str choices: enable, disable
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str choices: enable, disable
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: enable, disable
- natip - Policy-based IPsec VPN: source NAT IP address for outgoing traffic. type: str
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: enable, disable
- ntlm - Enable/disable NTLM authentication. type: str choices: enable, disable
- ntlm_enabled_browsers - HTTP-User-Agent value of supported browsers. type: list
- user_agent_string - User agent string. type: str
- ntlm_guest - Enable/disable NTLM guest user access. type: str choices: enable, disable
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: enable, disable
- per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str
- permit_any_host - Accept UDP packets from any host. type: str choices: enable, disable
- permit_stun_host - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. type: str choices: enable, disable
- policyid - Policy ID. type: int required: True
- poolname - IP Pool names. type: list
- name - IP pool name. Source firewall.ippool.name. type: str required: True
- profile_group - Name of profile group. Source firewall.profile-group.name. type: str
- profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str
- profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group
- radius_mac_auth_bypass - Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. type: str choices: enable, disable
- redirect_url - URL users are directed to after seeing and accepting the disclaimer or authenticating. type: str
- replacemsg_override_group - Override the default replacement message group for this policy. Source system.replacemsg-group.name. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: enable, disable
- rtp_addr - Address names if this is an RTP NAT policy. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- rtp_nat - Enable Real Time Protocol (RTP) NAT. type: str choices: disable, enable
- scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, block, monitor
- schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- schedule_timeout - Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. type: str choices: enable, disable
- send_deny_packet - Enable to send a reply when a session is denied or blocked by a firewall policy. type: str choices: disable, enable
- service - Service and service group names. type: list
- name - Service and service group names. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable
- session_ttl - TTL in seconds for sessions accepted by this policy (0 means use the system ). type: int
- spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str
- srcaddr - Source address and address group names. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable
- srcintf - Incoming (ingress) interface. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str
- ssl_mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: enable, disable
- ssl_mirror_intf - SSL mirror interface name. type: list
- name - Mirror Interface name. Source system.interface.name system.zone.name. type: str required: True
- ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str
- status - Enable or disable this policy. type: str choices: enable, disable
- tcp_mss_receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp_mss_sender - Sender TCP maximum segment size (MSS). type: int
- tcp_session_without_syn - Enable/disable creation of TCP session without SYN flag. type: str choices: all, data-only, disable
- timeout_send_rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: enable, disable
- traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- url_category - URL category ID list. type: list
- id - URL category ID. type: int required: True
- users - Names of individual users that can authenticate with this policy. type: list
- name - Names of individual users that can authenticate with this policy. Source user.local.name. type: str required: True
- utm_status - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. type: str choices: enable, disable
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan_cos_fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. type: int
- vlan_cos_rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.. type: int
- vlan_filter - Set VLAN filters. type: str
- voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name. type: str
- waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str
- wanopt - Enable/disable WAN optimization. type: str choices: enable, disable
- wanopt_detection - WAN optimization auto-detection mode. type: str choices: active, passive, False
- wanopt_passive_opt - WAN optimization passive mode options. This option decides what IP address will be used to connect server. type: str choices: default, transparent, non-transparent
- wanopt_peer - WAN optimization peer. Source wanopt.peer.peer-host-id. type: str
- wanopt_profile - WAN optimization profile. Source wanopt.profile.name. type: str
- wccp - Enable/disable forwarding traffic matching this policy to a configured WCCP server. type: str choices: enable, disable
- webcache - Enable/disable web cache. type: str choices: enable, disable
- webcache_https - Enable/disable web cache for HTTPS. type: str choices: disable, enable
- webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str
- wsso - Enable/disable WiFi Single Sign On (WSSO). type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 policies.
fortios_firewall_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_policy:
action: "accept"
app_category:
-
id: "5"
app_group:
-
name: "default_name_7 (source application.group.name)"
application:
-
id: "9"
application_list: "<your_own_value> (source application.list.name)"
auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_path: "enable"
auth_redirect_addr: "<your_own_value>"
av_profile: "<your_own_value> (source antivirus.profile.name)"
block_notification: "enable"
captive_portal_exempt: "enable"
capture_packet: "enable"
comments: "<your_own_value>"
custom_log_fields:
-
field_id: "<your_own_value> (source log.custom-field.id)"
delay_tcp_npu_session: "enable"
devices:
-
name: "default_name_23 (source user.device.alias user.device-group.name user.device-category.name)"
diffserv_forward: "enable"
diffserv_reverse: "enable"
diffservcode_forward: "<your_own_value>"
diffservcode_rev: "<your_own_value>"
disclaimer: "enable"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dnsfilter_profile: "<your_own_value> (source dnsfilter.profile.name)"
dscp_match: "enable"
dscp_negate: "enable"
dscp_value: "<your_own_value>"
dsri: "enable"
dstaddr:
-
name: "default_name_36 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name)"
dstaddr_negate: "enable"
dstintf:
-
name: "default_name_39 (source system.interface.name system.zone.name)"
firewall_session_dirty: "check-all"
fixedport: "enable"
fsso: "enable"
fsso_agent_for_ntlm: "<your_own_value> (source user.fsso.name)"
global_label: "<your_own_value>"
groups:
-
name: "default_name_46 (source user.group.name)"
icap_profile: "<your_own_value> (source icap.profile.name)"
identity_based_route: "<your_own_value> (source firewall.identity-based-route.name)"
inbound: "enable"
internet_service: "enable"
internet_service_custom:
-
name: "default_name_52 (source firewall.internet-service-custom.name)"
internet_service_id:
-
id: "54 (source firewall.internet-service.id)"
internet_service_negate: "enable"
internet_service_src: "enable"
internet_service_src_custom:
-
name: "default_name_58 (source firewall.internet-service-custom.name)"
internet_service_src_id:
-
id: "60 (source firewall.internet-service.id)"
internet_service_src_negate: "enable"
ippool: "enable"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
label: "<your_own_value>"
learning_mode: "enable"
logtraffic: "all"
logtraffic_start: "enable"
match_vip: "enable"
name: "default_name_69"
nat: "enable"
natinbound: "enable"
natip: "<your_own_value>"
natoutbound: "enable"
ntlm: "enable"
ntlm_enabled_browsers:
-
user_agent_string: "<your_own_value>"
ntlm_guest: "enable"
outbound: "enable"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
permit_any_host: "enable"
permit_stun_host: "enable"
policyid: "82"
poolname:
-
name: "default_name_84 (source firewall.ippool.name)"
profile_group: "<your_own_value> (source firewall.profile-group.name)"
profile_protocol_options: "<your_own_value> (source firewall.profile-protocol-options.name)"
profile_type: "single"
radius_mac_auth_bypass: "enable"
redirect_url: "<your_own_value>"
replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
rsso: "enable"
rtp_addr:
-
name: "default_name_93 (source firewall.address.name firewall.addrgrp.name)"
rtp_nat: "disable"
scan_botnet_connections: "disable"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
schedule_timeout: "enable"
send_deny_packet: "disable"
service:
-
name: "default_name_100 (source firewall.service.custom.name firewall.service.group.name)"
service_negate: "enable"
session_ttl: "102"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
srcaddr:
-
name: "default_name_105 (source firewall.address.name firewall.addrgrp.name)"
srcaddr_negate: "enable"
srcintf:
-
name: "default_name_108 (source system.interface.name system.zone.name)"
ssh_filter_profile: "<your_own_value> (source ssh-filter.profile.name)"
ssl_mirror: "enable"
ssl_mirror_intf:
-
name: "default_name_112 (source system.interface.name system.zone.name)"
ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
status: "enable"
tcp_mss_receiver: "115"
tcp_mss_sender: "116"
tcp_session_without_syn: "all"
timeout_send_rst: "enable"
traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
url_category:
-
id: "122"
users:
-
name: "default_name_124 (source user.local.name)"
utm_status: "enable"
uuid: "<your_own_value>"
vlan_cos_fwd: "127"
vlan_cos_rev: "128"
vlan_filter: "<your_own_value>"
voip_profile: "<your_own_value> (source voip.profile.name)"
vpntunnel: "<your_own_value> (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)"
waf_profile: "<your_own_value> (source waf.profile.name)"
wanopt: "enable"
wanopt_detection: "active"
wanopt_passive_opt: "default"
wanopt_peer: "<your_own_value> (source wanopt.peer.peer-host-id)"
wanopt_profile: "<your_own_value> (source wanopt.profile.name)"
wccp: "enable"
webcache: "enable"
webcache_https: "disable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
wsso: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_policy46 – Configure IPv4 to IPv6 policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_policy46 - Configure IPv4 to IPv6 policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Accept or deny traffic matching the policy. type: str choices: accept, deny
- comments - Comment. type: str
- dstaddr - Destination address objects. type: list
- name - Address name. Source firewall.vip46.name firewall.vipgrp46.name. type: str required: True
- dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str
- fixedport - Enable/disable fixed port for this policy. type: str choices: enable, disable
- ippool - Enable/disable use of IP Pools for source NAT. type: str choices: enable, disable
- logtraffic - Enable/disable traffic logging for this policy. type: str choices: enable, disable
- per_ip_shaper - Per IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str
- permit_any_host - Enable/disable allowing any host. type: str choices: enable, disable
- policyid - Policy ID. type: int required: True
- poolname - IP Pool names. type: list
- name - IP pool name. Source firewall.ippool6.name. type: str required: True
- schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- service - Service name. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address objects. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- srcintf - Source interface name. Source system.zone.name system.interface.name. type: str
- status - Enable/disable this policy. type: str choices: enable, disable
- tcp_mss_receiver - TCP Maximum Segment Size value of receiver (0 - 65535) type: int
- tcp_mss_sender - TCP Maximum Segment Size value of sender (0 - 65535). type: int
- traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 to IPv6 policies.
fortios_firewall_policy46:
vdom: "{{ vdom }}"
state: "present"
firewall_policy46:
action: "accept"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_6 (source firewall.vip46.name firewall.vipgrp46.name)"
dstintf: "<your_own_value> (source system.interface.name system.zone.name)"
fixedport: "enable"
ippool: "enable"
logtraffic: "enable"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
permit_any_host: "enable"
policyid: "13"
poolname:
-
name: "default_name_15 (source firewall.ippool6.name)"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_20 (source firewall.address.name firewall.addrgrp.name)"
srcintf: "<your_own_value> (source system.zone.name system.interface.name)"
status: "enable"
tcp_mss_receiver: "23"
tcp_mss_sender: "24"
traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_policy6 – Configure IPv6 policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_policy6 - Configure IPv6 policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Policy action (allow/deny/ipsec). type: str choices: accept, deny, ipsec
- app_category - Application category ID list. type: list
- id - Category IDs. type: int required: True
- app_group - Application group names. type: list
- name - Application group names. Source application.group.name. type: str required: True
- application - Application ID list. type: list
- id - Application IDs. type: int required: True
- application_list - Name of an existing Application list. Source application.list.name. type: str
- av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str
- comments - Comment. type: str
- custom_log_fields - Log field index numbers to append custom log fields to log messages for this policy. type: list
- field_id - Custom log field. Source log.custom-field.id. type: str
- devices - Names of devices or device groups that can be matched by the policy. type: list
- name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: True
- diffserv_forward - Enable to change packet"s DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable
- diffserv_reverse - Enable to change packet"s reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable
- diffservcode_forward - Change packet"s DiffServ to this value. type: str
- diffservcode_rev - Change packet"s reverse (reply) DiffServ to this value. type: str
- dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str
- dscp_match - Enable DSCP check. type: str choices: enable, disable
- dscp_negate - Enable negated DSCP match. type: str choices: enable, disable
- dscp_value - DSCP value. type: str
- dsri - Enable DSRI to ignore HTTP server responses. type: str choices: enable, disable
- dstaddr - Destination address and address group names. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name. type: str required: True
- dstaddr_negate - When enabled dstaddr specifies what the destination address must NOT be. type: str choices: enable, disable
- dstintf - Outgoing (egress) interface. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- firewall_session_dirty - How to handle sessions if the configuration of this firewall policy changes. type: str choices: check-all, check-new
- fixedport - Enable to prevent source NAT from changing a session"s source port. type: str choices: enable, disable
- global_label - Label for the policy that appears when the GUI is in Global View mode. type: str
- groups - Names of user groups that can authenticate with this policy. type: list
- name - Group name. Source user.group.name. type: str required: True
- icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str
- inbound - Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. type: str choices: enable, disable
- ippool - Enable to use IP Pools for source NAT. type: str choices: enable, disable
- ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str
- label - Label for the policy that appears when the GUI is in Section View mode. type: str
- logtraffic - Enable or disable logging. Log all sessions or security profile sessions. type: str choices: all, utm, disable
- logtraffic_start - Record logs when a session starts and ends. type: str choices: enable, disable
- name - Policy name. type: str
- nat - Enable/disable source NAT. type: str choices: enable, disable
- natinbound - Policy-based IPsec VPN: apply destination NAT to inbound traffic. type: str choices: enable, disable
- natoutbound - Policy-based IPsec VPN: apply source NAT to outbound traffic. type: str choices: enable, disable
- outbound - Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. type: str choices: enable, disable
- per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str
- policyid - Policy ID. type: int required: True
- poolname - IP Pool names. type: list
- name - IP pool name. Source firewall.ippool6.name. type: str required: True
- profile_group - Name of profile group. Source firewall.profile-group.name. type: str
- profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str
- profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group
- replacemsg_override_group - Override the default replacement message group for this policy. Source system.replacemsg-group.name. type: str
- rsso - Enable/disable RADIUS single sign-on (RSSO). type: str choices: enable, disable
- schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- send_deny_packet - Enable/disable return of deny-packet. type: str choices: enable, disable
- service - Service and service group names. type: list
- name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- service_negate - When enabled service specifies what the service must NOT be. type: str choices: enable, disable
- session_ttl - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL. type: int
- spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str
- srcaddr - Source address and address group names. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- srcaddr_negate - When enabled srcaddr specifies what the source address must NOT be. type: str choices: enable, disable
- srcintf - Incoming (ingress) interface. type: list
- name - Interface name. Source system.zone.name system.interface.name. type: str required: True
- ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str
- ssl_mirror - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). type: str choices: enable, disable
- ssl_mirror_intf - SSL mirror interface name. type: list
- name - Interface name. Source system.zone.name system.interface.name. type: str required: True
- ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str
- status - Enable or disable this policy. type: str choices: enable, disable
- tcp_mss_receiver - Receiver TCP maximum segment size (MSS). type: int
- tcp_mss_sender - Sender TCP maximum segment size (MSS). type: int
- tcp_session_without_syn - Enable/disable creation of TCP session without SYN flag. type: str choices: all, data-only, disable
- timeout_send_rst - Enable/disable sending RST packets when TCP sessions expire. type: str choices: enable, disable
- traffic_shaper - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- url_category - URL category ID list. type: list
- id - URL category ID. type: int required: True
- users - Names of individual users that can authenticate with this policy. type: list
- name - Names of individual users that can authenticate with this policy. Source user.local.name. type: str required: True
- utm_status - Enable AV/web/ips protection profile. type: str choices: enable, disable
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- vlan_cos_fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest type: int
- vlan_cos_rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest type: int
- vlan_filter - Set VLAN filters. type: str
- voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str
- vpntunnel - Policy-based IPsec VPN: name of the IPsec VPN Phase 1. Source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name. type: str
- webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 policies.
fortios_firewall_policy6:
vdom: "{{ vdom }}"
state: "present"
firewall_policy6:
action: "accept"
app_category:
-
id: "5"
app_group:
-
name: "default_name_7 (source application.group.name)"
application:
-
id: "9"
application_list: "<your_own_value> (source application.list.name)"
av_profile: "<your_own_value> (source antivirus.profile.name)"
comments: "<your_own_value>"
custom_log_fields:
-
field_id: "<your_own_value> (source log.custom-field.id)"
devices:
-
name: "default_name_16 (source user.device.alias user.device-group.name user.device-category.name)"
diffserv_forward: "enable"
diffserv_reverse: "enable"
diffservcode_forward: "<your_own_value>"
diffservcode_rev: "<your_own_value>"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dscp_match: "enable"
dscp_negate: "enable"
dscp_value: "<your_own_value>"
dsri: "enable"
dstaddr:
-
name: "default_name_27 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name)"
dstaddr_negate: "enable"
dstintf:
-
name: "default_name_30 (source system.interface.name system.zone.name)"
firewall_session_dirty: "check-all"
fixedport: "enable"
global_label: "<your_own_value>"
groups:
-
name: "default_name_35 (source user.group.name)"
icap_profile: "<your_own_value> (source icap.profile.name)"
inbound: "enable"
ippool: "enable"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
label: "<your_own_value>"
logtraffic: "all"
logtraffic_start: "enable"
name: "default_name_43"
nat: "enable"
natinbound: "enable"
natoutbound: "enable"
outbound: "enable"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
policyid: "49"
poolname:
-
name: "default_name_51 (source firewall.ippool6.name)"
profile_group: "<your_own_value> (source firewall.profile-group.name)"
profile_protocol_options: "<your_own_value> (source firewall.profile-protocol-options.name)"
profile_type: "single"
replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
rsso: "enable"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
send_deny_packet: "enable"
service:
-
name: "default_name_60 (source firewall.service.custom.name firewall.service.group.name)"
service_negate: "enable"
session_ttl: "62"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
srcaddr:
-
name: "default_name_65 (source firewall.address6.name firewall.addrgrp6.name)"
srcaddr_negate: "enable"
srcintf:
-
name: "default_name_68 (source system.zone.name system.interface.name)"
ssh_filter_profile: "<your_own_value> (source ssh-filter.profile.name)"
ssl_mirror: "enable"
ssl_mirror_intf:
-
name: "default_name_72 (source system.zone.name system.interface.name)"
ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
status: "enable"
tcp_mss_receiver: "75"
tcp_mss_sender: "76"
tcp_session_without_syn: "all"
timeout_send_rst: "enable"
traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
url_category:
-
id: "82"
users:
-
name: "default_name_84 (source user.local.name)"
utm_status: "enable"
uuid: "<your_own_value>"
vlan_cos_fwd: "87"
vlan_cos_rev: "88"
vlan_filter: "<your_own_value>"
voip_profile: "<your_own_value> (source voip.profile.name)"
vpntunnel: "<your_own_value> (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_policy64 – Configure IPv6 to IPv4 policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and policy64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_policy64 - Configure IPv6 to IPv4 policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Policy action. type: str choices: accept, deny
- comments - Comment. type: str
- dstaddr - Destination address name. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name. type: str required: True
- dstintf - Destination interface name. Source system.interface.name system.zone.name. type: str
- fixedport - Enable/disable policy fixed port. type: str choices: enable, disable
- ippool - Enable/disable policy64 IP pool. type: str choices: enable, disable
- logtraffic - Enable/disable policy log traffic. type: str choices: enable, disable
- per_ip_shaper - Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. type: str
- permit_any_host - Enable/disable permit any host in. type: str choices: enable, disable
- policyid - Policy ID. type: int required: True
- poolname - Policy IP pool names. type: list
- name - IP pool name. Source firewall.ippool.name. type: str required: True
- schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- service - Service name. type: list
- name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address name. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- srcintf - Source interface name. Source system.zone.name system.interface.name. type: str
- status - Enable/disable policy status. type: str choices: enable, disable
- tcp_mss_receiver - TCP MSS value of receiver. type: int
- tcp_mss_sender - TCP MSS value of sender. type: int
- traffic_shaper - Traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- traffic_shaper_reverse - Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. type: str
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 to IPv4 policies.
fortios_firewall_policy64:
vdom: "{{ vdom }}"
state: "present"
firewall_policy64:
action: "accept"
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_6 (source firewall.address.name firewall.addrgrp.name firewall.vip64.name firewall.vipgrp64.name)"
dstintf: "<your_own_value> (source system.interface.name system.zone.name)"
fixedport: "enable"
ippool: "enable"
logtraffic: "enable"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
permit_any_host: "enable"
policyid: "13"
poolname:
-
name: "default_name_15 (source firewall.ippool.name)"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_18 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name)"
srcintf: "<your_own_value> (source system.zone.name system.interface.name)"
status: "enable"
tcp_mss_receiver: "23"
tcp_mss_sender: "24"
traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_profile_group – Configure profile groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_profile_group - Configure profile groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- application_list - Name of an existing Application list. Source application.list.name. type: str
- av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str
- dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str
- dnsfilter_profile - Name of an existing DNS filter profile. Source dnsfilter.profile.name. type: str
- icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str
- ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str
- name - Profile group name. type: str required: True
- profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str
- spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str
- ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str
- ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str
- voip_profile - Name of an existing VoIP profile. Source voip.profile.name. type: str
- waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str
- webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure profile groups.
fortios_firewall_profile_group:
vdom: "{{ vdom }}"
state: "present"
firewall_profile_group:
application_list: "<your_own_value> (source application.list.name)"
av_profile: "<your_own_value> (source antivirus.profile.name)"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dnsfilter_profile: "<your_own_value> (source dnsfilter.profile.name)"
icap_profile: "<your_own_value> (source icap.profile.name)"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
name: "default_name_9"
profile_protocol_options: "<your_own_value> (source firewall.profile-protocol-options.name)"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
ssh_filter_profile: "<your_own_value> (source ssh-filter.profile.name)"
ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
voip_profile: "<your_own_value> (source voip.profile.name)"
waf_profile: "<your_own_value> (source waf.profile.name)"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_profile_protocol_options – Configure protocol options in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_protocol_options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_profile_protocol_options - Configure protocol options. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- dns - Configure DNS protocol options. type: dict
- ports - Ports to scan for content (1 - 65535). type: int
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- ftp - Configure FTP protocol options. type: dict
- comfort_amount - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). type: int
- comfort_interval - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). type: int
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: clientcomfort, oversize, splice, bypass-rest-command, bypass-mode-command
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- http - Configure HTTP protocol options. type: dict
- block_page_status_code - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). type: int
- comfort_amount - Amount of data to send in a transmission for client comforting (1 - 10240 bytes). type: int
- comfort_interval - Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). type: int
- fortinet_bar - Enable/disable Fortinet bar on HTML content. type: str choices: enable, disable
- fortinet_bar_port - Port for use by Fortinet Bar (1 - 65535). type: int
- http_policy - Enable/disable HTTP policy check. type: str choices: disable, enable
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: clientcomfort, servercomfort, oversize, chunkedbypass
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- post_lang - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). type: str choices: jisx0201, jisx0208, jisx0212, gb2312, ksc5601-ex, euc-jp, sjis, iso2022-jp, iso2022-jp-1, iso2022-jp-2, euc-cn, ces-gbk, hz, ces-big5, euc-kr, iso2022-jp-3, iso8859-1, tis620, cp874, cp1252, cp1251
- range_block - Enable/disable blocking of partial downloads. type: str choices: disable, enable
- retry_count - Number of attempts to retry HTTP connection (0 - 100). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- streaming_content_bypass - Enable/disable bypassing of streaming content from buffering. type: str choices: enable, disable
- strip_x_forwarded_for - Enable/disable stripping of HTTP X-Forwarded-For header. type: str choices: disable, enable
- switching_protocols - Bypass from scanning, or block a connection that attempts to switch protocol. type: str choices: bypass, block
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- imap - Configure IMAP protocol options. type: dict
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: fragmail, oversize
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- mail_signature - Configure Mail signature. type: dict
- signature - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). type: str
- status - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str choices: disable, enable
- mapi - Configure MAPI protocol options. type: dict
- options - One or more options that can be applied to the session. type: str choices: fragmail, oversize
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- name - Name. type: str required: True
- nntp - Configure NNTP protocol options. type: dict
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: oversize, splice
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- oversize_log - Enable/disable logging for antivirus oversize file blocking. type: str choices: disable, enable
- pop3 - Configure POP3 protocol options. type: dict
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: fragmail, oversize
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- replacemsg_group - Name of the replacement message group to be used Source system.replacemsg-group.name. type: str
- rpc_over_http - Enable/disable inspection of RPC over HTTP. type: str choices: enable, disable
- smtp - Configure SMTP protocol options. type: dict
- inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
- options - One or more options that can be applied to the session. type: str choices: fragmail, oversize, splice
- oversize_limit - Maximum in-memory file size that can be scanned (1 - 383 MB). type: int
- ports - Ports to scan for content (1 - 65535). type: int
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
- server_busy - Enable/disable SMTP server busy when server not available. type: str choices: enable, disable
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
- uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
- uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). type: int
- switching_protocols_log - Enable/disable logging for HTTP/HTTPS switching protocols. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure protocol options.
fortios_firewall_profile_protocol_options:
vdom: "{{ vdom }}"
state: "present"
firewall_profile_protocol_options:
comment: "Optional comments."
dns:
ports: "5"
status: "enable"
ftp:
comfort_amount: "8"
comfort_interval: "9"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "12"
ports: "13"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "16"
uncompressed_oversize_limit: "17"
http:
block_page_status_code: "19"
comfort_amount: "20"
comfort_interval: "21"
fortinet_bar: "enable"
fortinet_bar_port: "23"
http_policy: "disable"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "27"
ports: "28"
post_lang: "jisx0201"
range_block: "disable"
retry_count: "31"
scan_bzip2: "enable"
status: "enable"
streaming_content_bypass: "enable"
strip_x_forwarded_for: "disable"
switching_protocols: "bypass"
uncompressed_nest_limit: "37"
uncompressed_oversize_limit: "38"
imap:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "42"
ports: "43"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "46"
uncompressed_oversize_limit: "47"
mail_signature:
signature: "<your_own_value>"
status: "disable"
mapi:
options: "fragmail"
oversize_limit: "53"
ports: "54"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "57"
uncompressed_oversize_limit: "58"
name: "default_name_59"
nntp:
inspect_all: "enable"
options: "oversize"
oversize_limit: "63"
ports: "64"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "67"
uncompressed_oversize_limit: "68"
oversize_log: "disable"
pop3:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "73"
ports: "74"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "77"
uncompressed_oversize_limit: "78"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
rpc_over_http: "enable"
smtp:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "84"
ports: "85"
scan_bzip2: "enable"
server_busy: "enable"
status: "enable"
uncompressed_nest_limit: "89"
uncompressed_oversize_limit: "90"
switching_protocols_log: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_proxy_address – Web proxy address configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_address category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_proxy_address - Web proxy address configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- case_sensitivity - Enable to make the pattern case sensitive. type: str choices: disable, enable
- category - FortiGuard category ID. type: list
- id - Fortiguard category id. type: int required: True
- color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int
- comment - Optional comments. type: str
- header - HTTP header name as a regular expression. type: str
- header_group - HTTP header group. type: list
- case_sensitivity - Case sensitivity in pattern. type: str choices: disable, enable
- header - HTTP header regular expression. type: str
- header_name - HTTP header. type: str
- id - ID. type: int required: True
- header_name - Name of HTTP header. type: str
- host - Address object for the host. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name. type: str
- host_regex - Host name as a regular expression. type: str
- method - HTTP request methods to be used. type: str choices: get, post, put, head, connect, trace, options, delete
- name - Address name. type: str required: True
- path - URL path as a regular expression. type: str
- query - Match the query part of the URL as a regular expression. type: str
- referrer - Enable/disable use of referrer field in the HTTP header to match the address. type: str choices: enable, disable
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- type - Proxy address type. type: str choices: host-regex, url, category, method, ua, header, src-advanced, dst-advanced
- ua - Names of browsers to be used as user agent. type: str choices: chrome, ms, firefox, safari, other
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable visibility of the object in the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Web proxy address configuration.
fortios_firewall_proxy_address:
vdom: "{{ vdom }}"
state: "present"
firewall_proxy_address:
case_sensitivity: "disable"
category:
-
id: "5"
color: "6"
comment: "Optional comments."
header: "<your_own_value>"
header_group:
-
case_sensitivity: "disable"
header: "<your_own_value>"
header_name: "<your_own_value>"
id: "13"
header_name: "<your_own_value>"
host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)"
host_regex: "myhostname"
method: "get"
name: "default_name_18"
path: "<your_own_value>"
query: "<your_own_value>"
referrer: "enable"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_24"
tags:
-
name: "default_name_26 (source system.object-tagging.tags.name)"
type: "host-regex"
ua: "chrome"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_proxy_addrgrp – Web proxy address group configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_addrgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_proxy_addrgrp - Web proxy address group configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (1 - 32). type: int
- comment - Optional comments. type: str
- member - Members of address group. type: list
- name - Address name. Source firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: True
- name - Address group name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- type - Source or destination address group type. type: str choices: src, dst
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable visibility of the object in the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Web proxy address group configuration.
fortios_firewall_proxy_addrgrp:
vdom: "{{ vdom }}"
state: "present"
firewall_proxy_addrgrp:
color: "3"
comment: "Optional comments."
member:
-
name: "default_name_6 (source firewall.proxy-address.name firewall.proxy-addrgrp.name)"
name: "default_name_7"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_10"
tags:
-
name: "default_name_12 (source system.object-tagging.tags.name)"
type: "src"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_proxy_policy – Configure proxy policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and proxy_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_proxy_policy - Configure proxy policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Accept or deny traffic matching the policy parameters. type: str choices: accept, deny, redirect
- application_list - Name of an existing Application list. Source application.list.name. type: str
- av_profile - Name of an existing Antivirus profile. Source antivirus.profile.name. type: str
- comments - Optional comments. type: str
- disclaimer - Web proxy disclaimer setting: by domain, policy, or user. type: str choices: disable, domain, policy, user
- dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str
- dstaddr - Destination address objects. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip.name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name. type: str required: True
- dstaddr_negate - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. type: str choices: enable, disable
- dstaddr6 - IPv6 destination address objects. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name firewall.vipgrp64.name system.external-resource.name. type: str required: True
- dstintf - Destination interface names. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- global_label - Global web-based manager visible label. type: str
- groups - Names of group objects. type: list
- name - Group name. Source user.group.name. type: str required: True
- http_tunnel_auth - Enable/disable HTTP tunnel authentication. type: str choices: enable, disable
- icap_profile - Name of an existing ICAP profile. Source icap.profile.name. type: str
- internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable
- internet_service_custom - Custom Internet Service name. type: list
- name - Custom name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_id - Internet Service ID. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- internet_service_negate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. type: str choices: enable, disable
- ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str
- label - VDOM-specific GUI visible label. type: str
- logtraffic - Enable/disable logging traffic through the policy. type: str choices: all, utm, disable
- logtraffic_start - Enable/disable policy log traffic start. type: str choices: enable, disable
- policyid - Policy ID. type: int required: True
- poolname - Name of IP pool object. type: list
- name - IP pool name. Source firewall.ippool.name. type: str required: True
- profile_group - Name of profile group. Source firewall.profile-group.name. type: str
- profile_protocol_options - Name of an existing Protocol options profile. Source firewall.profile-protocol-options.name. type: str
- profile_type - Determine whether the firewall policy allows security profile groups or single profiles only. type: str choices: single, group
- proxy - Type of explicit proxy. type: str choices: explicit-web, transparent-web, ftp, ssh, ssh-tunnel, wanopt
- redirect_url - Redirect URL for further explicit web proxy processing. type: str
- replacemsg_override_group - Authentication replacement message override group. Source system.replacemsg-group.name. type: str
- scan_botnet_connections - Enable/disable scanning of connections to Botnet servers. type: str choices: disable, block, monitor
- schedule - Name of schedule object. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- service - Name of service objects. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- service_negate - When enabled, services match against any service EXCEPT the specified destination services. type: str choices: enable, disable
- session_ttl - TTL in seconds for sessions accepted by this policy (0 means use the system ). type: int
- spamfilter_profile - Name of an existing Spam filter profile. Source spamfilter.profile.name. type: str
- srcaddr - Source address objects. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system .external-resource.name. type: str required: True
- srcaddr_negate - When enabled, source addresses match against any address EXCEPT the specified source addresses. type: str choices: enable, disable
- srcaddr6 - IPv6 source address objects. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name system.external-resource.name. type: str required: True
- srcintf - Source interface names. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- ssh_filter_profile - Name of an existing SSH filter profile. Source ssh-filter.profile.name. type: str
- ssl_ssh_profile - Name of an existing SSL SSH profile. Source firewall.ssl-ssh-profile.name. type: str
- status - Enable/disable the active status of the policy. type: str choices: enable, disable
- transparent - Enable to use the IP address of the client to connect to the server. type: str choices: enable, disable
- users - Names of user objects. type: list
- name - Group name. Source user.local.name. type: str required: True
- utm_status - Enable the use of UTM profiles/sensors/lists. type: str choices: enable, disable
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- waf_profile - Name of an existing Web application firewall profile. Source waf.profile.name. type: str
- webcache - Enable/disable web caching. type: str choices: enable, disable
- webcache_https - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). type: str choices: disable, enable
- webfilter_profile - Name of an existing Web filter profile. Source webfilter.profile.name. type: str
- webproxy_forward_server - Name of web proxy forward server. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str
- webproxy_profile - Name of web proxy profile. Source web-proxy.profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure proxy policies.
fortios_firewall_proxy_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_proxy_policy:
action: "accept"
application_list: "<your_own_value> (source application.list.name)"
av_profile: "<your_own_value> (source antivirus.profile.name)"
comments: "<your_own_value>"
disclaimer: "disable"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dstaddr:
-
name: "default_name_10 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name firewall.vip
.name firewall.vipgrp.name firewall.vip46.name firewall.vipgrp46.name system.external-resource.name)"
dstaddr_negate: "enable"
dstaddr6:
-
name: "default_name_13 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name firewall.vip64.name firewall
.vipgrp64.name system.external-resource.name)"
dstintf:
-
name: "default_name_15 (source system.interface.name system.zone.name)"
global_label: "<your_own_value>"
groups:
-
name: "default_name_18 (source user.group.name)"
http_tunnel_auth: "enable"
icap_profile: "<your_own_value> (source icap.profile.name)"
internet_service: "enable"
internet_service_custom:
-
name: "default_name_23 (source firewall.internet-service-custom.name)"
internet_service_id:
-
id: "25 (source firewall.internet-service.id)"
internet_service_negate: "enable"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
label: "<your_own_value>"
logtraffic: "all"
logtraffic_start: "enable"
policyid: "31"
poolname:
-
name: "default_name_33 (source firewall.ippool.name)"
profile_group: "<your_own_value> (source firewall.profile-group.name)"
profile_protocol_options: "<your_own_value> (source firewall.profile-protocol-options.name)"
profile_type: "single"
proxy: "explicit-web"
redirect_url: "<your_own_value>"
replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
scan_botnet_connections: "disable"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_43 (source firewall.service.custom.name firewall.service.group.name)"
service_negate: "enable"
session_ttl: "45"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
srcaddr:
-
name: "default_name_48 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name system
.external-resource.name)"
srcaddr_negate: "enable"
srcaddr6:
-
name: "default_name_51 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)"
srcintf:
-
name: "default_name_53 (source system.interface.name system.zone.name)"
ssh_filter_profile: "<your_own_value> (source ssh-filter.profile.name)"
ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
status: "enable"
transparent: "enable"
users:
-
name: "default_name_59 (source user.local.name)"
utm_status: "enable"
uuid: "<your_own_value>"
waf_profile: "<your_own_value> (source waf.profile.name)"
webcache: "enable"
webcache_https: "disable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
webproxy_forward_server: "<your_own_value> (source web-proxy.forward-server.name web-proxy.forward-server-group.name)"
webproxy_profile: "<your_own_value> (source web-proxy.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_schedule_group – Schedule group configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_schedule_group - Schedule group configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Color of icon on the GUI. type: int
- member - Schedules added to the schedule group. type: list
- name - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name. type: str required: True
- name - Schedule group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Schedule group configuration.
fortios_firewall_schedule_group:
vdom: "{{ vdom }}"
state: "present"
firewall_schedule_group:
color: "3"
member:
-
name: "default_name_5 (source firewall.schedule.onetime.name firewall.schedule.recurring.name)"
name: "default_name_6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_schedule_onetime – Onetime schedule configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and onetime category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_schedule_onetime - Onetime schedule configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Color of icon on the GUI. type: int
- end - Schedule end date and time, format hh:mm yyyy/mm/dd. type: str
- expiration_days - Write an event log message this many days before the schedule expires. type: int
- name - Onetime schedule name. type: str required: True
- start - Schedule start date and time, format hh:mm yyyy/mm/dd. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Onetime schedule configuration.
fortios_firewall_schedule_onetime:
vdom: "{{ vdom }}"
state: "present"
firewall_schedule_onetime:
color: "3"
end: "<your_own_value>"
expiration_days: "5"
name: "default_name_6"
start: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_schedule_recurring – Recurring schedule configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_schedule feature and recurring category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_schedule_recurring - Recurring schedule configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Color of icon on the GUI. type: int
- day - One or more days of the week on which the schedule is valid. Separate the names of the days with a space. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday, none
- end - Time of day to end the schedule, format hh:mm. type: str
- name - Recurring schedule name. type: str required: True
- start - Time of day to start the schedule, format hh:mm. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Recurring schedule configuration.
fortios_firewall_schedule_recurring:
vdom: "{{ vdom }}"
state: "present"
firewall_schedule_recurring:
color: "3"
day: "sunday"
end: "<your_own_value>"
name: "default_name_6"
start: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_service_category – Configure service categories in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and category category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_service_category - Configure service categories. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- name - Service category name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure service categories.
fortios_firewall_service_category:
vdom: "{{ vdom }}"
state: "present"
firewall_service_category:
comment: "Comment."
name: "default_name_4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_service_custom – Configure custom services in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_service_custom - Configure custom services. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- app_category - Application category ID. type: list
- id - Application category id. type: int required: True
- app_service_type - Application service type. type: str choices: disable, app-id, app-category
- application - Application ID. type: list
- id - Application id. type: int required: True
- category - Service category. Source firewall.service.category.name. type: str
- check_reset_range - Configure the type of ICMP error message verification. type: str choices: disable, strict, default
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- fqdn - Fully qualified domain name. type: str
- helper - Helper name. type: str choices: auto, disable, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b
- icmpcode - ICMP code. type: int
- icmptype - ICMP type. type: int
- iprange - Start and end of the IP range associated with service. type: str
- name - Custom service name. type: str required: True
- protocol - Protocol type based on IANA numbers. type: str choices: TCP/UDP/SCTP, ICMP, ICMP6, IP, HTTP, FTP, CONNECT, SOCKS-TCP, SOCKS-UDP, ALL
- protocol_number - IP protocol number. type: int
- proxy - Enable/disable web proxy service. type: str choices: enable, disable
- sctp_portrange - Multiple SCTP port ranges. type: str
- session_ttl - Session TTL (300 - 604800, 0 = default). type: int
- tcp_halfclose_timer - Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). type: int
- tcp_halfopen_timer - Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). type: int
- tcp_portrange - Multiple TCP port ranges. type: str
- tcp_timewait_timer - Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). type: int
- udp_idle_timer - UDP half close timeout (0 - 86400 sec, 0 = default). type: int
- udp_portrange - Multiple UDP port ranges. type: str
- visibility - Enable/disable the visibility of the service on the GUI. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom services.
fortios_firewall_service_custom:
vdom: "{{ vdom }}"
state: "present"
firewall_service_custom:
app_category:
-
id: "4"
app_service_type: "disable"
application:
-
id: "7"
category: "<your_own_value> (source firewall.service.category.name)"
check_reset_range: "disable"
color: "10"
comment: "Comment."
fqdn: "<your_own_value>"
helper: "auto"
icmpcode: "14"
icmptype: "15"
iprange: "<your_own_value>"
name: "default_name_17"
protocol: "TCP/UDP/SCTP"
protocol_number: "19"
proxy: "enable"
sctp_portrange: "<your_own_value>"
session_ttl: "22"
tcp_halfclose_timer: "23"
tcp_halfopen_timer: "24"
tcp_portrange: "<your_own_value>"
tcp_timewait_timer: "26"
udp_idle_timer: "27"
udp_portrange: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_service_group – Configure service groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_service feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_service_group - Configure service groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- member - Service objects contained within the group. type: list
- name - Address name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- name - Address group name. type: str required: True
- proxy - Enable/disable web proxy service group. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure service groups.
fortios_firewall_service_group:
vdom: "{{ vdom }}"
state: "present"
firewall_service_group:
color: "3"
comment: "Comment."
member:
-
name: "default_name_6 (source firewall.service.custom.name firewall.service.group.name)"
name: "default_name_7"
proxy: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_shaper_per_ip_shaper – Configure per-IP traffic shaper in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_shaper feature and per_ip_shaper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_shaper_per_ip_shaper - Configure per-IP traffic shaper. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- bandwidth_unit - Unit of measurement for maximum bandwidth for this shaper (Kbps, Mbps or Gbps). type: str choices: kbps, mbps, gbps
- diffserv_forward - Enable/disable changing the Forward (original) DiffServ setting applied to traffic accepted by this shaper. type: str choices: enable, disable
- diffserv_reverse - Enable/disable changing the Reverse (reply) DiffServ setting applied to traffic accepted by this shaper. type: str choices: enable, disable
- diffservcode_forward - Forward (original) DiffServ setting to be applied to traffic accepted by this shaper. type: str
- diffservcode_rev - Reverse (reply) DiffServ setting to be applied to traffic accepted by this shaper. type: str
- max_bandwidth - Upper bandwidth limit enforced by this shaper (0 - 16776000). 0 means no limit. Units depend on the bandwidth-unit setting. type: int
- max_concurrent_session - Maximum number of concurrent sessions allowed by this shaper (0 - 2097000). 0 means no limit. type: int
- name - Traffic shaper name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure per-IP traffic shaper.
fortios_firewall_shaper_per_ip_shaper:
vdom: "{{ vdom }}"
state: "present"
firewall_shaper_per_ip_shaper:
bandwidth_unit: "kbps"
diffserv_forward: "enable"
diffserv_reverse: "enable"
diffservcode_forward: "<your_own_value>"
diffservcode_rev: "<your_own_value>"
max_bandwidth: "8"
max_concurrent_session: "9"
name: "default_name_10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_shaping_policy – Configure shaping policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and shaping_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_shaping_policy - Configure shaping policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- app_category - IDs of one or more application categories that this shaper applies application control traffic shaping to. type: list
- id - Category IDs. type: int required: True
- application - IDs of one or more applications that this shaper applies application control traffic shaping to. type: list
- id - Application IDs. type: int required: True
- class_id - Traffic class ID. type: int
- comment - Comments. type: str
- dstaddr - IPv4 destination address and address group names. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- dstaddr6 - IPv6 destination address and address group names. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- dstintf - One or more outgoing (egress) interfaces. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- groups - Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. type: list
- name - Group name. Source user.group.name. type: str required: True
- id - Shaping policy ID. type: int required: True
- internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable
- internet_service_custom - Custom Internet Service name. type: list
- name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_id - Internet Service ID. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable
- internet_service_src_custom - Custom Internet Service source name. type: list
- name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_src_id - Internet Service source ID. type: list
- id - Internet Service ID. Source firewall.internet-service.id. type: int required: True
- ip_version - Apply this traffic shaping policy to IPv4 or IPv6 traffic. type: str choices: 4, 6
- per_ip_shaper - Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name. type: str
- schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
- service - Service and service group names. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - IPv4 source address and address group names. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- srcaddr6 - IPv6 source address and address group names. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- status - Enable/disable this traffic shaping policy. type: str choices: enable, disable
- traffic_shaper - Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str
- traffic_shaper_reverse - Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str
- url_category - IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. type: list
- id - URL category ID. type: int required: True
- users - Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. type: list
- name - User name. Source user.local.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure shaping policies.
fortios_firewall_shaping_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_shaping_policy:
app_category:
-
id: "4"
application:
-
id: "6"
class_id: "7"
comment: "Comments."
dstaddr:
-
name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)"
dstaddr6:
-
name: "default_name_12 (source firewall.address6.name firewall.addrgrp6.name)"
dstintf:
-
name: "default_name_14 (source system.interface.name system.zone.name)"
groups:
-
name: "default_name_16 (source user.group.name)"
id: "17"
internet_service: "enable"
internet_service_custom:
-
name: "default_name_20 (source firewall.internet-service-custom.name)"
internet_service_id:
-
id: "22 (source firewall.internet-service.id)"
internet_service_src: "enable"
internet_service_src_custom:
-
name: "default_name_25 (source firewall.internet-service-custom.name)"
internet_service_src_id:
-
id: "27 (source firewall.internet-service.id)"
ip_version: "4"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_32 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_34 (source firewall.address.name firewall.addrgrp.name)"
srcaddr6:
-
name: "default_name_36 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
url_category:
-
id: "41"
users:
-
name: "default_name_43 (source user.local.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_shaping_profile – Configure shaping profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and shaping_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_shaping_profile - Configure shaping profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- default_class_id - Default class ID to handle unclassified packets (including all local traffic). type: int
- profile_name - Shaping profile name. type: str
- shaping_entries - Define shaping entries of this shaping profile. type: list
- class_id - Class ID. type: int
- guaranteed_bandwidth_percentage - Guaranteed bandwith in percentage. type: int
- id - ID number. type: int required: True
- maximum_bandwidth_percentage - Maximum bandwith in percentage. type: int
- priority - Priority. type: str choices: high, medium, low
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure shaping profiles.
fortios_firewall_shaping_profile:
vdom: "{{ vdom }}"
state: "present"
firewall_shaping_profile:
comment: "Comment."
default_class_id: "4"
profile_name: "<your_own_value>"
shaping_entries:
-
class_id: "7"
guaranteed_bandwidth_percentage: "8"
id: "9"
maximum_bandwidth_percentage: "10"
priority: "high"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_sniffer – Configure sniffer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and sniffer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_sniffer - Configure sniffer. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- anomaly - Configuration method to edit Denial of Service (DoS) anomaly settings. type: list
- action - Action taken when the threshold is reached. type: str choices: pass, block
- log - Enable/disable anomaly logging. type: str choices: enable, disable
- name - Anomaly name. type: str required: True
- quarantine - Quarantine method. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine. (Format type: str
- quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable
- status - Enable/disable this anomaly. type: str choices: disable, enable
- threshold - Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. type: int
- threshold(default) - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. type: int
- application_list - Name of an existing application list. Source application.list.name. type: str
- application_list_status - Enable/disable application control profile. type: str choices: enable, disable
- av_profile - Name of an existing antivirus profile. Source antivirus.profile.name. type: str
- av_profile_status - Enable/disable antivirus profile. type: str choices: enable, disable
- dlp_sensor - Name of an existing DLP sensor. Source dlp.sensor.name. type: str
- dlp_sensor_status - Enable/disable DLP sensor. type: str choices: enable, disable
- dsri - Enable/disable DSRI. type: str choices: enable, disable
- host - Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). type: str
- id - Sniffer ID. type: int required: True
- interface - Interface name that traffic sniffing will take place on. Source system.interface.name. type: str
- ips_dos_status - Enable/disable IPS DoS anomaly detection. type: str choices: enable, disable
- ips_sensor - Name of an existing IPS sensor. Source ips.sensor.name. type: str
- ips_sensor_status - Enable/disable IPS sensor. type: str choices: enable, disable
- ipv6 - Enable/disable sniffing IPv6 packets. type: str choices: enable, disable
- logtraffic - Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. type: str choices: all, utm, disable
- max_packet_count - Maximum packet count (1 - 1000000). type: int
- non_ip - Enable/disable sniffing non-IP packets. type: str choices: enable, disable
- port - Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). type: str
- protocol - Integer value for the protocol type as defined by IANA (0 - 255). type: str
- scan_botnet_connections - Enable/disable scanning of connections to Botnet servers. type: str choices: disable, block, monitor
- spamfilter_profile - Name of an existing spam filter profile. Source spamfilter.profile.name. type: str
- spamfilter_profile_status - Enable/disable spam filter. type: str choices: enable, disable
- status - Enable/disable the active status of the sniffer. type: str choices: enable, disable
- vlan - List of VLANs to sniff. type: str
- webfilter_profile - Name of an existing web filter profile. Source webfilter.profile.name. type: str
- webfilter_profile_status - Enable/disable web filter profile. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure sniffer.
fortios_firewall_sniffer:
vdom: "{{ vdom }}"
state: "present"
firewall_sniffer:
anomaly:
-
action: "pass"
log: "enable"
name: "default_name_6"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
status: "disable"
threshold: "11"
threshold(default): "12"
application_list: "<your_own_value> (source application.list.name)"
application_list_status: "enable"
av_profile: "<your_own_value> (source antivirus.profile.name)"
av_profile_status: "enable"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dlp_sensor_status: "enable"
dsri: "enable"
host: "myhostname"
id: "21"
interface: "<your_own_value> (source system.interface.name)"
ips_dos_status: "enable"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
ips_sensor_status: "enable"
ipv6: "enable"
logtraffic: "all"
max_packet_count: "28"
non_ip: "enable"
port: "<your_own_value>"
protocol: "<your_own_value>"
scan_botnet_connections: "disable"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
spamfilter_profile_status: "enable"
status: "enable"
vlan: "<your_own_value>"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
webfilter_profile_status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssh_host_key – SSH proxy host public keys in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and host_key category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ssh_host_key - SSH proxy host public keys. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- hostname - Hostname of the SSH server. type: str
- ip - IP address of the SSH server. type: str
- name - SSH public key name. type: str required: True
- nid - Set the nid of the ECDSA key. type: str choices: 256, 384, 521
- port - Port of the SSH server. type: int
- public_key - SSH public key. type: str
- status - Set the trust status of the public key. type: str choices: trusted, revoked
- type - Set the type of the public key. type: str choices: RSA, DSA, ECDSA, ED25519, RSA-CA, DSA-CA, ECDSA-CA, ED25519-CA
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSH proxy host public keys.
fortios_firewall_ssh_host_key:
vdom: "{{ vdom }}"
state: "present"
firewall_ssh_host_key:
hostname: "myhostname"
ip: "<your_own_value>"
name: "default_name_5"
nid: "256"
port: "7"
public_key: "<your_own_value>"
status: "trusted"
type: "RSA"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssh_local_ca – SSH proxy local CA in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and local_ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ssh_local_ca - SSH proxy local CA. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - SSH proxy local CA name. type: str required: True
- password - Password for SSH private key. type: str
- private_key - SSH proxy private key, encrypted with a password. type: str
- public_key - SSH proxy public key. type: str
- source - SSH proxy local CA source type. type: str choices: built-in, user
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSH proxy local CA.
fortios_firewall_ssh_local_ca:
vdom: "{{ vdom }}"
state: "present"
firewall_ssh_local_ca:
name: "default_name_3"
password: "<your_own_value>"
private_key: "<your_own_value>"
public_key: "<your_own_value>"
source: "built-in"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssh_local_key – SSH proxy local keys in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and local_key category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ssh_local_key - SSH proxy local keys. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - SSH proxy local key name. type: str required: True
- password - Password for SSH private key. type: str
- private_key - SSH proxy private key, encrypted with a password. type: str
- public_key - SSH proxy public key. type: str
- source - SSH proxy local key source type. type: str choices: built-in, user
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSH proxy local keys.
fortios_firewall_ssh_local_key:
vdom: "{{ vdom }}"
state: "present"
firewall_ssh_local_key:
name: "default_name_3"
password: "<your_own_value>"
private_key: "<your_own_value>"
public_key: "<your_own_value>"
source: "built-in"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssh_setting – SSH proxy settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssh feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- firewall_ssh_setting - SSH proxy settings. type: dict
- caname - CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. type: str
- host_trusted_checking - Enable/disable host trusted checking. type: str choices: enable, disable
- hostkey_dsa1024 - DSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- hostkey_ecdsa256 - ECDSA nid256 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- hostkey_ecdsa384 - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- hostkey_ecdsa521 - ECDSA nid384 certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- hostkey_ed25519 - ED25519 hostkey used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- hostkey_rsa2048 - RSA certificate used by SSH proxy. Source firewall.ssh.local-key.name. type: str
- untrusted_caname - Untrusted CA certificate used by SSH Inspection. Source firewall.ssh.local-ca.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSH proxy settings.
fortios_firewall_ssh_setting:
vdom: "{{ vdom }}"
firewall_ssh_setting:
caname: "<your_own_value> (source firewall.ssh.local-ca.name)"
host_trusted_checking: "enable"
hostkey_dsa1024: "myhostname (source firewall.ssh.local-key.name)"
hostkey_ecdsa256: "myhostname (source firewall.ssh.local-key.name)"
hostkey_ecdsa384: "myhostname (source firewall.ssh.local-key.name)"
hostkey_ecdsa521: "myhostname (source firewall.ssh.local-key.name)"
hostkey_ed25519: "myhostname (source firewall.ssh.local-key.name)"
hostkey_rsa2048: "myhostname (source firewall.ssh.local-key.name)"
untrusted_caname: "<your_own_value> (source firewall.ssh.local-ca.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssl_server – Configure SSL servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ssl_server - Configure SSL servers. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- add_header_x_forwarded_proto - Enable/disable adding an X-Forwarded-Proto header to forwarded requests. type: str choices: enable, disable
- ip - IPv4 address of the SSL server. type: str
- mapped_port - Mapped server service port (1 - 65535). type: int
- name - Server name. type: str required: True
- port - Server service port (1 - 65535). type: int
- ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low
- ssl_cert - Name of certificate for SSL connections to this server . Source vpn.certificate.local.name. type: str
- ssl_client_renegotiation - Allow or block client renegotiation by server. type: str choices: allow, deny, secure
- ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048
- ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: tls-1.0, tls-1.1, tls-1.2
- ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: tls-1.0, tls-1.1, tls-1.2
- ssl_mode - SSL/TLS mode for encryption and decryption of traffic. type: str choices: half, full
- ssl_send_empty_frags - Enable/disable sending empty fragments to avoid attack on CBC IV. type: str choices: enable, disable
- url_rewrite - Enable/disable rewriting the URL. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL servers.
fortios_firewall_ssl_server:
vdom: "{{ vdom }}"
state: "present"
firewall_ssl_server:
add_header_x_forwarded_proto: "enable"
ip: "<your_own_value>"
mapped_port: "5"
name: "default_name_6"
port: "7"
ssl_algorithm: "high"
ssl_cert: "<your_own_value> (source vpn.certificate.local.name)"
ssl_client_renegotiation: "allow"
ssl_dh_bits: "768"
ssl_max_version: "tls-1.0"
ssl_min_version: "tls-1.0"
ssl_mode: "half"
ssl_send_empty_frags: "enable"
url_rewrite: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssl_setting – SSL proxy settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_ssl feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- firewall_ssl_setting - SSL proxy settings. type: dict
- abbreviate_handshake - Enable/disable use of SSL abbreviated handshake. type: str choices: enable, disable
- cert_cache_capacity - Maximum capacity of the host certificate cache (0 - 500). type: int
- cert_cache_timeout - Time limit to keep certificate cache (1 - 120 min). type: int
- kxp_queue_threshold - Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). type: int
- no_matching_cipher_action - Bypass or drop the connection when no matching cipher is found. type: str choices: bypass, drop
- proxy_connect_timeout - Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). type: int
- session_cache_capacity - Capacity of the SSL session cache (--Obsolete--) (1 - 1000). type: int
- session_cache_timeout - Time limit to keep SSL session state (1 - 60 min). type: int
- ssl_dh_bits - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation . type: str choices: 768, 1024, 1536, 2048
- ssl_queue_threshold - Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). type: int
- ssl_send_empty_frags - Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSL proxy settings.
fortios_firewall_ssl_setting:
vdom: "{{ vdom }}"
firewall_ssl_setting:
abbreviate_handshake: "enable"
cert_cache_capacity: "4"
cert_cache_timeout: "5"
kxp_queue_threshold: "6"
no_matching_cipher_action: "bypass"
proxy_connect_timeout: "8"
session_cache_capacity: "9"
session_cache_timeout: "10"
ssl_dh_bits: "768"
ssl_queue_threshold: "12"
ssl_send_empty_frags: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ssl_ssh_profile – Configure SSL/SSH protocol options in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ssl_ssh_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ssl_ssh_profile - Configure SSL/SSH protocol options. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- caname - CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str
- comment - Optional comments. type: str
- ftps - Configure FTPS options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- ports - Ports to use for scanning (1 - 65535). type: int
- status - Configure protocol inspection status. type: str choices: disable, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- https - Configure HTTPS options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- ports - Ports to use for scanning (1 - 65535). type: int
- status - Configure protocol inspection status. type: str choices: disable, certificate-inspection, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- imaps - Configure IMAPS options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- ports - Ports to use for scanning (1 - 65535). type: int
- status - Configure protocol inspection status. type: str choices: disable, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- mapi_over_https - Enable/disable inspection of MAPI over HTTPS. type: str choices: enable, disable
- name - Name. type: str required: True
- pop3s - Configure POP3S options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- ports - Ports to use for scanning (1 - 65535). type: int
- status - Configure protocol inspection status. type: str choices: disable, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- rpc_over_https - Enable/disable inspection of RPC over HTTPS. type: str choices: enable, disable
- server_cert - Certificate used by SSL Inspection to replace server certificate. Source vpn.certificate.local.name. type: str
- server_cert_mode - Re-sign or replace the server"s certificate. type: str choices: re-sign, replace
- smtps - Configure SMTPS options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- ports - Ports to use for scanning (1 - 65535). type: int
- status - Configure protocol inspection status. type: str choices: disable, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- ssh - Configure SSH options. type: dict
- inspect_all - Level of SSL inspection. type: str choices: disable, deep-inspection
- ports - Ports to use for scanning (1 - 65535). type: int
- ssh_algorithm - Relative strength of encryption algorithms accepted during negotiation. type: str choices: compatible, high-encryption
- ssh_policy_check - Enable/disable SSH policy check. type: str choices: disable, enable
- ssh_tun_policy_check - Enable/disable SSH tunnel policy check. type: str choices: disable, enable
- status - Configure protocol inspection status. type: str choices: disable, deep-inspection
- unsupported_version - Action based on SSH version being unsupported. type: str choices: bypass, block
- ssl - Configure SSL options. type: dict
- allow_invalid_server_cert - When enabled, allows SSL sessions whose server certificate validation failed. type: str choices: enable, disable
- client_cert_request - Action based on client certificate request. type: str choices: bypass, inspect, block
- inspect_all - Level of SSL inspection. type: str choices: disable, certificate-inspection, deep-inspection
- unsupported_ssl - Action based on the SSL encryption used being unsupported. type: str choices: bypass, inspect, block
- untrusted_cert - Allow, ignore, or block the untrusted SSL session server certificate. type: str choices: allow, block, ignore
- ssl_anomalies_log - Enable/disable logging SSL anomalies. type: str choices: disable, enable
- ssl_exempt - Servers to exempt from SSL inspection. type: list
- address - IPv4 address object. Source firewall.address.name firewall.addrgrp.name. type: str
- address6 - IPv6 address object. Source firewall.address6.name firewall.addrgrp6.name. type: str
- fortiguard_category - FortiGuard category ID. type: int
- id - ID number. type: int required: True
- regex - Exempt servers by regular expression. type: str
- type - Type of address object (IPv4 or IPv6) or FortiGuard category. type: str choices: fortiguard-category, address, address6, wildcard-fqdn, regex
- wildcard_fqdn - Exempt servers by wildcard FQDN. Source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name. type: str
- ssl_exemptions_log - Enable/disable logging SSL exemptions. type: str choices: disable, enable
- ssl_server - SSL servers. type: list
- ftps_client_cert_request - Action based on client certificate request during the FTPS handshake. type: str choices: bypass, inspect, block
- https_client_cert_request - Action based on client certificate request during the HTTPS handshake. type: str choices: bypass, inspect, block
- id - SSL server ID. type: int required: True
- imaps_client_cert_request - Action based on client certificate request during the IMAPS handshake. type: str choices: bypass, inspect, block
- ip - IPv4 address of the SSL server. type: str
- pop3s_client_cert_request - Action based on client certificate request during the POP3S handshake. type: str choices: bypass, inspect, block
- smtps_client_cert_request - Action based on client certificate request during the SMTPS handshake. type: str choices: bypass, inspect, block
- ssl_other_client_cert_request - Action based on client certificate request during an SSL protocol handshake. type: str choices: bypass, inspect, block
- untrusted_caname - Untrusted CA certificate used by SSL Inspection. Source vpn.certificate.local.name. type: str
- use_ssl_server - Enable/disable the use of SSL server table for SSL offloading. type: str choices: disable, enable
- whitelist - Enable/disable exempting servers by FortiGuard whitelist. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL/SSH protocol options.
fortios_firewall_ssl_ssh_profile:
vdom: "{{ vdom }}"
state: "present"
firewall_ssl_ssh_profile:
caname: "<your_own_value> (source vpn.certificate.local.name)"
comment: "Optional comments."
ftps:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
ports: "8"
status: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
https:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
ports: "15"
status: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
imaps:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
ports: "22"
status: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
mapi_over_https: "enable"
name: "default_name_27"
pop3s:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
ports: "31"
status: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
rpc_over_https: "enable"
server_cert: "<your_own_value> (source vpn.certificate.local.name)"
server_cert_mode: "re-sign"
smtps:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
ports: "41"
status: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
ssh:
inspect_all: "disable"
ports: "47"
ssh_algorithm: "compatible"
ssh_policy_check: "disable"
ssh_tun_policy_check: "disable"
status: "disable"
unsupported_version: "bypass"
ssl:
allow_invalid_server_cert: "enable"
client_cert_request: "bypass"
inspect_all: "disable"
unsupported_ssl: "bypass"
untrusted_cert: "allow"
ssl_anomalies_log: "disable"
ssl_exempt:
-
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
address6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
fortiguard_category: "63"
id: "64"
regex: "<your_own_value>"
type: "fortiguard-category"
wildcard_fqdn: "<your_own_value> (source firewall.wildcard-fqdn.custom.name firewall.wildcard-fqdn.group.name)"
ssl_exemptions_log: "disable"
ssl_server:
-
ftps_client_cert_request: "bypass"
https_client_cert_request: "bypass"
id: "72"
imaps_client_cert_request: "bypass"
ip: "<your_own_value>"
pop3s_client_cert_request: "bypass"
smtps_client_cert_request: "bypass"
ssl_other_client_cert_request: "bypass"
untrusted_caname: "<your_own_value> (source vpn.certificate.local.name)"
use_ssl_server: "disable"
whitelist: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_ttl_policy – Configure TTL policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and ttl_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_ttl_policy - Configure TTL policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Action to be performed on traffic matching this policy . type: str choices: accept, deny
- id - ID. type: int required: True
- schedule - Schedule object from available options. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group .name. type: str
- service - Service object(s) from available options. Separate multiple names with a space. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source address object(s) from available options. Separate multiple names with a space. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- srcintf - Source interface name from available interfaces. Source system.zone.name system.interface.name. type: str
- status - Enable/disable this TTL policy. type: str choices: enable, disable
- ttl - Value/range to match against the packet"s Time to Live value (format: ttl[ - ttl_high], 1 - 255). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure TTL policies.
fortios_firewall_ttl_policy:
vdom: "{{ vdom }}"
state: "present"
firewall_ttl_policy:
action: "accept"
id: "4"
schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
service:
-
name: "default_name_7 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
srcintf: "<your_own_value> (source system.zone.name system.interface.name)"
status: "enable"
ttl: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vip – Configure virtual IP for IPv4 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vip - Configure virtual IP for IPv4. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- dns_mapping_ttl - DNS mapping TTL (Set to zero to use TTL in DNS response). type: int
- extaddr - External FQDN address name. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- extintf - Interface connected to the source network that receives the packets that will be forwarded to the destination network. Source system .interface.name. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- gratuitous_arp_interval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. type: int
- http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. type: int
- http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
- http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
- http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
- http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
- http_cookie_share - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
- http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: enable, disable
- http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str
- http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable
- https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
- id - Custom defined ID. type: int
- ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host
- mapped_addr - Mapped FQDN address name. Source firewall.address.name. type: str
- mappedip - IP address or address range on the destination network to which the external IP address is mapped. type: list
- range - Mapped IP range. type: str required: True
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max_embryonic_connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. type: list
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: True
- name - Virtual IP name. type: str required: True
- nat_source_vip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. type: str choices: disable, enable
- outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id
- portforward - Enable/disable port forwarding. type: str choices: disable, enable
- portmapping_type - Port mapping type. type: str choices: 1-to-1, m-to-n
- protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp, icmp
- realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list
- client_ip - Only clients in this IP range can connect to this real server. type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip
- holddown_interval - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active. type: int
- http_host - HTTP server domain name in HTTP header. type: str
- id - Real server ID. type: int required: True
- ip - IP address of the real server. type: str
- max_connections - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall .ldb-monitor.name. type: str
- port - Port for communicating with the real server. Required if port forwarding is enabled. type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
- weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
- server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip
- service - Service name. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- src_filter - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. type: list
- range - Source-filter range. type: str required: True
- srcintf_filter - Interfaces to which the VIP applies. Separate the names with spaces. type: list
- interface_name - Interface name. Source system.interface.name. type: str
- ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom
- ssl_certificate - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. type: str
- ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list
- cipher - Cipher suite name. type: str choices: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
- priority - SSL/TLS cipher suites priority. type: int required: True
- versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable
- ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure
- ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both
- ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
- ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only
- ssl_hpkp_age - Number of seconds the client should honour the HPKP setting. type: int
- ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
- ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable
- ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
- ssl_hpkp_report_uri - URL to report HPKP violations to. type: str
- ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable
- ssl_hsts_age - Number of seconds the client should honour the HSTS setting. type: int
- ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable
- ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. type: str choices: enable, disable
- ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable
- ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full
- ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow
- ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable
- ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client
- ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list
- cipher - Cipher suite name. type: str choices: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
- priority - SSL/TLS cipher suites priority. type: int required: True
- versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client
- ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client
- ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both
- type - Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. type: str choices: static-nat, load-balance, server-load-balance, dns-translation, fqdn
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable
- websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual IP for IPv4.
fortios_firewall_vip:
vdom: "{{ vdom }}"
state: "present"
firewall_vip:
arp_reply: "disable"
color: "4"
comment: "Comment."
dns_mapping_ttl: "6"
extaddr:
-
name: "default_name_8 (source firewall.address.name firewall.addrgrp.name)"
extintf: "<your_own_value> (source system.interface.name)"
extip: "<your_own_value>"
extport: "<your_own_value>"
gratuitous_arp_interval: "12"
http_cookie_age: "13"
http_cookie_domain: "<your_own_value>"
http_cookie_domain_from_host: "disable"
http_cookie_generation: "16"
http_cookie_path: "<your_own_value>"
http_cookie_share: "disable"
http_ip_header: "enable"
http_ip_header_name: "<your_own_value>"
http_multiplex: "enable"
https_cookie_secure: "disable"
id: "23"
ldb_method: "static"
mapped_addr: "<your_own_value> (source firewall.address.name)"
mappedip:
-
range: "<your_own_value>"
mappedport: "<your_own_value>"
max_embryonic_connections: "29"
monitor:
-
name: "default_name_31 (source firewall.ldb-monitor.name)"
name: "default_name_32"
nat_source_vip: "disable"
outlook_web_access: "disable"
persistence: "none"
portforward: "disable"
portmapping_type: "1-to-1"
protocol: "tcp"
realservers:
-
client_ip: "<your_own_value>"
healthcheck: "disable"
holddown_interval: "42"
http_host: "myhostname"
id: "44"
ip: "<your_own_value>"
max_connections: "46"
monitor: "<your_own_value> (source firewall.ldb-monitor.name)"
port: "48"
status: "active"
weight: "50"
server_type: "http"
service:
-
name: "default_name_53 (source firewall.service.custom.name firewall.service.group.name)"
src_filter:
-
range: "<your_own_value>"
srcintf_filter:
-
interface_name: "<your_own_value> (source system.interface.name)"
ssl_algorithm: "high"
ssl_certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl_cipher_suites:
-
cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
priority: "62"
versions: "ssl-3.0"
ssl_client_fallback: "disable"
ssl_client_renegotiation: "allow"
ssl_client_session_state_max: "66"
ssl_client_session_state_timeout: "67"
ssl_client_session_state_type: "disable"
ssl_dh_bits: "768"
ssl_hpkp: "disable"
ssl_hpkp_age: "71"
ssl_hpkp_backup: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_include_subdomains: "disable"
ssl_hpkp_primary: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_report_uri: "<your_own_value>"
ssl_hsts: "disable"
ssl_hsts_age: "77"
ssl_hsts_include_subdomains: "disable"
ssl_http_location_conversion: "enable"
ssl_http_match_host: "enable"
ssl_max_version: "ssl-3.0"
ssl_min_version: "ssl-3.0"
ssl_mode: "half"
ssl_pfs: "require"
ssl_send_empty_frags: "enable"
ssl_server_algorithm: "high"
ssl_server_cipher_suites:
-
cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
priority: "89"
versions: "ssl-3.0"
ssl_server_max_version: "ssl-3.0"
ssl_server_min_version: "ssl-3.0"
ssl_server_session_state_max: "93"
ssl_server_session_state_timeout: "94"
ssl_server_session_state_type: "disable"
type: "static-nat"
uuid: "<your_own_value>"
weblogic_server: "disable"
websphere_server: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vip46 – Configure IPv4 to IPv6 virtual IPs in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vip46 - Configure IPv4 to IPv6 virtual IPs. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- arp_reply - Enable ARP reply. type: str choices: disable, enable
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- extip - Start-external-IP [-end-external-IP]. type: str
- extport - External service port. type: str
- id - Custom defined id. type: int
- ldb_method - Load balance method. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive
- mappedip - Start-mapped-IP [-end mapped-IP]. type: str
- mappedport - Mapped service port. type: str
- monitor - Health monitors. type: list
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: True
- name - VIP46 name. type: str required: True
- portforward - Enable port forwarding. type: str choices: disable, enable
- protocol - Mapped port protocol. type: str choices: tcp, udp
- realservers - Real servers. type: list
- client_ip - Restrict server to a client IP in this range. type: str
- healthcheck - Per server health check. type: str choices: disable, enable, vip
- holddown_interval - Hold down interval. type: int
- id - Real server ID. type: int required: True
- ip - Mapped server IPv6. type: str
- max_connections - Maximum number of connections allowed to server. type: int
- monitor - Health monitors. Source firewall.ldb-monitor.name. type: str
- port - Mapped server port. type: int
- status - Server administrative status. type: str choices: active, standby, disable
- weight - weight type: int
- server_type - Server type. type: str choices: http, tcp, udp, ip
- src_filter - Source IP filter (x.x.x.x/x). type: list
- range - Src-filter range. type: str required: True
- type - VIP type: static NAT or server load balance. type: str choices: static-nat, server-load-balance
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 to IPv6 virtual IPs.
fortios_firewall_vip46:
vdom: "{{ vdom }}"
state: "present"
firewall_vip46:
arp_reply: "disable"
color: "4"
comment: "Comment."
extip: "<your_own_value>"
extport: "<your_own_value>"
id: "8"
ldb_method: "static"
mappedip: "<your_own_value>"
mappedport: "<your_own_value>"
monitor:
-
name: "default_name_13 (source firewall.ldb-monitor.name)"
name: "default_name_14"
portforward: "disable"
protocol: "tcp"
realservers:
-
client_ip: "<your_own_value>"
healthcheck: "disable"
holddown_interval: "20"
id: "21"
ip: "<your_own_value>"
max_connections: "23"
monitor: "<your_own_value> (source firewall.ldb-monitor.name)"
port: "25"
status: "active"
weight: "27"
server_type: "http"
src_filter:
-
range: "<your_own_value>"
type: "static-nat"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vip6 – Configure virtual IP for IPv6 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vip6 - Configure virtual IP for IPv6. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- arp_reply - Enable to respond to ARP requests for this virtual IP address. Enabled by default. type: str choices: disable, enable
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- extip - IP address or address range on the external interface that you want to map to an address or address range on the destination network. type: str
- extport - Incoming port number range that you want to map to a port number range on the destination network. type: str
- http_cookie_age - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. type: int
- http_cookie_domain - Domain that HTTP cookie persistence should apply to. type: str
- http_cookie_domain_from_host - Enable/disable use of HTTP cookie domain from host field in HTTP. type: str choices: disable, enable
- http_cookie_generation - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. type: int
- http_cookie_path - Limit HTTP cookie persistence to the specified path. type: str
- http_cookie_share - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. type: str choices: disable, same-ip
- http_ip_header - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. type: str choices: enable, disable
- http_ip_header_name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. type: str
- http_multiplex - Enable/disable HTTP multiplexing. type: str choices: enable, disable
- https_cookie_secure - Enable/disable verification that inserted HTTPS cookies are secure. type: str choices: disable, enable
- id - Custom defined ID. type: int
- ldb_method - Method used to distribute sessions to real servers. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host
- mappedip - Mapped IP address range in the format startIP-endIP. type: str
- mappedport - Port number range on the destination network to which the external port number range is mapped. type: str
- max_embryonic_connections - Maximum number of incomplete connections. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. type: list
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: True
- name - Virtual ip6 name. type: str required: True
- outlook_web_access - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. type: str choices: disable, enable
- persistence - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. type: str choices: none, http-cookie, ssl-session-id
- portforward - Enable port forwarding. type: str choices: disable, enable
- protocol - Protocol to use when forwarding packets. type: str choices: tcp, udp, sctp
- realservers - Select the real servers that this server load balancing VIP will distribute traffic to. type: list
- client_ip - Only clients in this IP range can connect to this real server. type: str
- healthcheck - Enable to check the responsiveness of the real server before forwarding traffic. type: str choices: disable, enable, vip
- holddown_interval - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active. type: int
- http_host - HTTP server domain name in HTTP header. type: str
- id - Real server ID. type: int required: True
- ip - IPv6 address of the real server. type: str
- max_connections - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers. type: int
- monitor - Name of the health check monitor to use when polling to determine a virtual server"s connectivity status. Source firewall .ldb-monitor.name. type: str
- port - Port for communicating with the real server. Required if port forwarding is enabled. type: int
- status - Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. type: str choices: active, standby, disable
- weight - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections. type: int
- server_type - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). type: str choices: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip
- src_filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. type: list
- range - Source-filter range. type: str required: True
- ssl_algorithm - Permitted encryption algorithms for SSL sessions according to encryption strength. type: str choices: high, medium, low, custom
- ssl_certificate - The name of the SSL certificate to use for SSL acceleration. Source vpn.certificate.local.name. type: str
- ssl_cipher_suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. type: list
- cipher - Cipher suite name. type: str choices: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
- priority - SSL/TLS cipher suites priority. type: int required: True
- versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_client_fallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). type: str choices: disable, enable
- ssl_client_renegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. type: str choices: allow, deny, secure
- ssl_client_session_state_max - Maximum number of client to FortiGate SSL session states to keep. type: int
- ssl_client_session_state_timeout - Number of minutes to keep client to FortiGate SSL session state. type: int
- ssl_client_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. type: str choices: disable, time, count, both
- ssl_dh_bits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. type: str choices: 768, 1024, 1536, 2048, 3072, 4096
- ssl_hpkp - Enable/disable including HPKP header in response. type: str choices: disable, enable, report-only
- ssl_hpkp_age - Number of minutes the web browser should keep HPKP. type: int
- ssl_hpkp_backup - Certificate to generate backup HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
- ssl_hpkp_include_subdomains - Indicate that HPKP header applies to all subdomains. type: str choices: disable, enable
- ssl_hpkp_primary - Certificate to generate primary HPKP pin from. Source vpn.certificate.local.name vpn.certificate.ca.name. type: str
- ssl_hpkp_report_uri - URL to report HPKP violations to. type: str
- ssl_hsts - Enable/disable including HSTS header in response. type: str choices: disable, enable
- ssl_hsts_age - Number of seconds the client should honour the HSTS setting. type: int
- ssl_hsts_include_subdomains - Indicate that HSTS header applies to all subdomains. type: str choices: disable, enable
- ssl_http_location_conversion - Enable to replace HTTP with HTTPS in the reply"s Location HTTP header field. type: str choices: enable, disable
- ssl_http_match_host - Enable/disable HTTP host matching for location conversion. type: str choices: enable, disable
- ssl_max_version - Highest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_min_version - Lowest SSL/TLS version acceptable from a client. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_mode - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). type: str choices: half, full
- ssl_pfs - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. type: str choices: require, deny, allow
- ssl_send_empty_frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. type: str choices: enable, disable
- ssl_server_algorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. type: str choices: high, medium, low, custom, client
- ssl_server_cipher_suites - SSL/TLS cipher suites to offer to a server, ordered by priority. type: list
- cipher - Cipher suite name. type: str choices: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-RSA-WITH-DES-CBC-SHA
- priority - SSL/TLS cipher suites priority. type: int required: True
- versions - SSL/TLS versions that the cipher suite can be used with. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_server_max_version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client
- ssl_server_min_version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client
- ssl_server_session_state_max - Maximum number of FortiGate to Server SSL session states to keep. type: int
- ssl_server_session_state_timeout - Number of minutes to keep FortiGate to Server SSL session state. type: int
- ssl_server_session_state_type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. type: str choices: disable, time, count, both
- type - Configure a static NAT or server load balance VIP. type: str choices: static-nat, server-load-balance
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- weblogic_server - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. type: str choices: disable, enable
- websphere_server - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual IP for IPv6.
fortios_firewall_vip6:
vdom: "{{ vdom }}"
state: "present"
firewall_vip6:
arp_reply: "disable"
color: "4"
comment: "Comment."
extip: "<your_own_value>"
extport: "<your_own_value>"
http_cookie_age: "8"
http_cookie_domain: "<your_own_value>"
http_cookie_domain_from_host: "disable"
http_cookie_generation: "11"
http_cookie_path: "<your_own_value>"
http_cookie_share: "disable"
http_ip_header: "enable"
http_ip_header_name: "<your_own_value>"
http_multiplex: "enable"
https_cookie_secure: "disable"
id: "18"
ldb_method: "static"
mappedip: "<your_own_value>"
mappedport: "<your_own_value>"
max_embryonic_connections: "22"
monitor:
-
name: "default_name_24 (source firewall.ldb-monitor.name)"
name: "default_name_25"
outlook_web_access: "disable"
persistence: "none"
portforward: "disable"
protocol: "tcp"
realservers:
-
client_ip: "<your_own_value>"
healthcheck: "disable"
holddown_interval: "33"
http_host: "myhostname"
id: "35"
ip: "<your_own_value>"
max_connections: "37"
monitor: "<your_own_value> (source firewall.ldb-monitor.name)"
port: "39"
status: "active"
weight: "41"
server_type: "http"
src_filter:
-
range: "<your_own_value>"
ssl_algorithm: "high"
ssl_certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl_cipher_suites:
-
cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
priority: "49"
versions: "ssl-3.0"
ssl_client_fallback: "disable"
ssl_client_renegotiation: "allow"
ssl_client_session_state_max: "53"
ssl_client_session_state_timeout: "54"
ssl_client_session_state_type: "disable"
ssl_dh_bits: "768"
ssl_hpkp: "disable"
ssl_hpkp_age: "58"
ssl_hpkp_backup: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_include_subdomains: "disable"
ssl_hpkp_primary: "<your_own_value> (source vpn.certificate.local.name vpn.certificate.ca.name)"
ssl_hpkp_report_uri: "<your_own_value>"
ssl_hsts: "disable"
ssl_hsts_age: "64"
ssl_hsts_include_subdomains: "disable"
ssl_http_location_conversion: "enable"
ssl_http_match_host: "enable"
ssl_max_version: "ssl-3.0"
ssl_min_version: "ssl-3.0"
ssl_mode: "half"
ssl_pfs: "require"
ssl_send_empty_frags: "enable"
ssl_server_algorithm: "high"
ssl_server_cipher_suites:
-
cipher: "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
priority: "76"
versions: "ssl-3.0"
ssl_server_max_version: "ssl-3.0"
ssl_server_min_version: "ssl-3.0"
ssl_server_session_state_max: "80"
ssl_server_session_state_timeout: "81"
ssl_server_session_state_type: "disable"
type: "static-nat"
uuid: "<your_own_value>"
weblogic_server: "disable"
websphere_server: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vip64 – Configure IPv6 to IPv4 virtual IPs in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vip64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vip64 - Configure IPv6 to IPv4 virtual IPs. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- arp_reply - Enable ARP reply. type: str choices: disable, enable
- color - Color of icon on the GUI. type: int
- comment - Comment. type: str
- extip - Start-external-IP [-end-external-IP]. type: str
- extport - External service port. type: str
- id - Custom defined id. type: int
- ldb_method - Load balance method. type: str choices: static, round-robin, weighted, least-session, least-rtt, first-alive
- mappedip - Start-mapped-IP [-end-mapped-IP]. type: str
- mappedport - Mapped service port. type: str
- monitor - Health monitors. type: list
- name - Health monitor name. Source firewall.ldb-monitor.name. type: str required: True
- name - VIP64 name. type: str required: True
- portforward - Enable port forwarding. type: str choices: disable, enable
- protocol - Mapped port protocol. type: str choices: tcp, udp
- realservers - Real servers. type: list
- client_ip - Restrict server to a client IP in this range. type: str
- healthcheck - Per server health check. type: str choices: disable, enable, vip
- holddown_interval - Hold down interval. type: int
- id - Real server ID. type: int required: True
- ip - Mapped server IP. type: str
- max_connections - Maximum number of connections allowed to server. type: int
- monitor - Health monitors. Source firewall.ldb-monitor.name. type: str
- port - Mapped server port. type: int
- status - Server administrative status. type: str choices: active, standby, disable
- weight - weight type: int
- server_type - Server type. type: str choices: http, tcp, udp, ip
- src_filter - Source IP6 filter (x:x:x:x:x:x:x:x/x). type: list
- range - Src-filter range. type: str required: True
- type - VIP type: static NAT or server load balance. type: str choices: static-nat, server-load-balance
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 to IPv4 virtual IPs.
fortios_firewall_vip64:
vdom: "{{ vdom }}"
state: "present"
firewall_vip64:
arp_reply: "disable"
color: "4"
comment: "Comment."
extip: "<your_own_value>"
extport: "<your_own_value>"
id: "8"
ldb_method: "static"
mappedip: "<your_own_value>"
mappedport: "<your_own_value>"
monitor:
-
name: "default_name_13 (source firewall.ldb-monitor.name)"
name: "default_name_14"
portforward: "disable"
protocol: "tcp"
realservers:
-
client_ip: "<your_own_value>"
healthcheck: "disable"
holddown_interval: "20"
id: "21"
ip: "<your_own_value>"
max_connections: "23"
monitor: "<your_own_value> (source firewall.ldb-monitor.name)"
port: "25"
status: "active"
weight: "27"
server_type: "http"
src_filter:
-
range: "<your_own_value>"
type: "static-nat"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vipgrp – Configure IPv4 virtual IP groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vipgrp - Configure IPv4 virtual IP groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int
- comments - Comment. type: str
- interface - interface Source system.interface.name. type: str
- member - Member VIP objects of the group (Separate multiple objects with a space). type: list
- name - VIP name. Source firewall.vip.name. type: str required: True
- name - VIP group name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 virtual IP groups.
fortios_firewall_vipgrp:
vdom: "{{ vdom }}"
state: "present"
firewall_vipgrp:
color: "3"
comments: "<your_own_value>"
interface: "<your_own_value> (source system.interface.name)"
member:
-
name: "default_name_7 (source firewall.vip.name)"
name: "default_name_8"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vipgrp46 – Configure IPv4 to IPv6 virtual IP groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp46 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vipgrp46 - Configure IPv4 to IPv6 virtual IP groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int
- comments - Comment. type: str
- member - Member VIP objects of the group (Separate multiple objects with a space). type: list
- name - VIP46 name. Source firewall.vip46.name. type: str required: True
- name - VIP46 group name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 to IPv6 virtual IP groups.
fortios_firewall_vipgrp46:
vdom: "{{ vdom }}"
state: "present"
firewall_vipgrp46:
color: "3"
comments: "<your_own_value>"
member:
-
name: "default_name_6 (source firewall.vip46.name)"
name: "default_name_7"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vipgrp6 – Configure IPv6 virtual IP groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vipgrp6 - Configure IPv6 virtual IP groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int
- comments - Comment. type: str
- member - Member VIP objects of the group (Separate multiple objects with a space). type: list
- name - IPv6 VIP name. Source firewall.vip6.name. type: str required: True
- name - IPv6 VIP group name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 virtual IP groups.
fortios_firewall_vipgrp6:
vdom: "{{ vdom }}"
state: "present"
firewall_vipgrp6:
color: "3"
comments: "<your_own_value>"
member:
-
name: "default_name_6 (source firewall.vip6.name)"
name: "default_name_7"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_vipgrp64 – Configure IPv6 to IPv4 virtual IP groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and vipgrp64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_vipgrp64 - Configure IPv6 to IPv4 virtual IP groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - Integer value to determine the color of the icon in the GUI (range 1 to 32). type: int
- comments - Comment. type: str
- member - Member VIP objects of the group (Separate multiple objects with a space). type: list
- name - VIP64 name. Source firewall.vip64.name. type: str required: True
- name - VIP64 group name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 to IPv4 virtual IP groups.
fortios_firewall_vipgrp64:
vdom: "{{ vdom }}"
state: "present"
firewall_vipgrp64:
color: "3"
comments: "<your_own_value>"
member:
-
name: "default_name_6 (source firewall.vip64.name)"
name: "default_name_7"
uuid: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_wildcard_fqdn_custom – Config global/VDOM Wildcard FQDN address in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_wildcard_fqdn feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_wildcard_fqdn_custom - Config global/VDOM Wildcard FQDN address. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - GUI icon color. type: int
- comment - Comment. type: str
- name - Address name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility. type: str choices: enable, disable
- wildcard_fqdn - Wildcard FQDN. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Config global/VDOM Wildcard FQDN address.
fortios_firewall_wildcard_fqdn_custom:
vdom: "{{ vdom }}"
state: "present"
firewall_wildcard_fqdn_custom:
color: "3"
comment: "Comment."
name: "default_name_5"
uuid: "<your_own_value>"
visibility: "enable"
wildcard_fqdn: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_firewall_wildcard_fqdn_group – Config global Wildcard FQDN address groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_wildcard_fqdn feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- firewall_wildcard_fqdn_group - Config global Wildcard FQDN address groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- color - GUI icon color. type: int
- comment - Comment. type: str
- member - Address group members. type: list
- name - Address name. Source firewall.wildcard-fqdn.custom.name. type: str required: True
- name - Address group name. type: str required: True
- uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- visibility - Enable/disable address visibility. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Config global Wildcard FQDN address groups.
fortios_firewall_wildcard_fqdn_group:
vdom: "{{ vdom }}"
state: "present"
firewall_wildcard_fqdn_group:
color: "3"
comment: "Comment."
member:
-
name: "default_name_6 (source firewall.wildcard-fqdn.custom.name)"
name: "default_name_7"
uuid: "<your_own_value>"
visibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ftp_proxy_explicit – Configure explicit FTP proxy settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ftp_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- ftp_proxy_explicit - Configure explicit FTP proxy settings. type: dict
- incoming_ip - Accept incoming FTP requests from this IP address. An interface must have this IP address. type: str
- incoming_port - Accept incoming FTP requests on one or more ports. type: str
- outgoing_ip - Outgoing FTP requests will leave from this IP address. An interface must have this IP address. type: str
- sec_default_action - Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists. type: str choices: accept, deny
- status - Enable/disable the explicit FTP proxy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure explicit FTP proxy settings.
fortios_ftp_proxy_explicit:
vdom: "{{ vdom }}"
ftp_proxy_explicit:
incoming_ip: "<your_own_value>"
incoming_port: "<your_own_value>"
outgoing_ip: "<your_own_value>"
sec_default_action: "accept"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_icap_profile – Configure ICAP profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify icap feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- icap_profile - Configure ICAP profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- methods - The allowed HTTP methods that will be sent to ICAP server for further processing. type: str choices: delete, get, head, options, post, put, trace, other
- name - ICAP profile name. type: str required: True
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
- request - Enable/disable whether an HTTP request is passed to an ICAP server. type: str choices: disable, enable
- request_failure - Action to take if the ICAP server cannot be contacted when processing an HTTP request. type: str choices: error, bypass
- request_path - Path component of the ICAP URI that identifies the HTTP request processing service. type: str
- request_server - ICAP server to use for an HTTP request. Source icap.server.name. type: str
- response - Enable/disable whether an HTTP response is passed to an ICAP server. type: str choices: disable, enable
- response_failure - Action to take if the ICAP server cannot be contacted when processing an HTTP response. type: str choices: error, bypass
- response_path - Path component of the ICAP URI that identifies the HTTP response processing service. type: str
- response_server - ICAP server to use for an HTTP response. Source icap.server.name. type: str
- streaming_content_bypass - Enable/disable bypassing of ICAP server for streaming content. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure ICAP profiles.
fortios_icap_profile:
vdom: "{{ vdom }}"
state: "present"
icap_profile:
methods: "delete"
name: "default_name_4"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
request: "disable"
request_failure: "error"
request_path: "<your_own_value>"
request_server: "<your_own_value> (source icap.server.name)"
response: "disable"
response_failure: "error"
response_path: "<your_own_value>"
response_server: "<your_own_value> (source icap.server.name)"
streaming_content_bypass: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_icap_server – Configure ICAP servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify icap feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- icap_server - Configure ICAP servers. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ip_address - IPv4 address of the ICAP server. type: str
- ip_version - IP version. type: str choices: 4, 6
- ip6_address - IPv6 address of the ICAP server. type: str
- max_connections - Maximum number of concurrent connections to ICAP server. type: int
- name - Server name. type: str required: True
- port - ICAP server port. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure ICAP servers.
fortios_icap_server:
vdom: "{{ vdom }}"
state: "present"
icap_server:
ip_address: "<your_own_value>"
ip_version: "4"
ip6_address: "<your_own_value>"
max_connections: "6"
name: "default_name_7"
port: "8"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_custom – Configure IPS custom signature in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ips_custom - Configure IPS custom signature. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Default action (pass or block) for this signature. type: str choices: pass, block
- application - Applications to be protected. Blank for all applications. type: str
- comment - Comment. type: str
- location - Protect client or server traffic. type: str
- log - Enable/disable logging. type: str choices: disable, enable
- log_packet - Enable/disable packet logging. type: str choices: disable, enable
- os - Operating system(s) that the signature protects. Blank for all operating systems. type: str
- protocol - Protocol(s) that the signature scans. Blank for all protocols. type: str
- rule_id - Signature ID. type: int
- severity - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. type: str
- sig_name - Signature name. type: str
- signature - Custom signature enclosed in single quotes. type: str
- status - Enable/disable this signature. type: str choices: disable, enable
- tag - Signature tag. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS custom signature.
fortios_ips_custom:
vdom: "{{ vdom }}"
state: "present"
ips_custom:
action: "pass"
application: "<your_own_value>"
comment: "Comment."
location: "<your_own_value>"
log: "disable"
log_packet: "disable"
os: "<your_own_value>"
protocol: "<your_own_value>"
rule_id: "11"
severity: "<your_own_value>"
sig_name: "<your_own_value>"
signature: "<your_own_value>"
status: "disable"
tag: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_decoder – Configure IPS decoder in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and decoder category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ips_decoder - Configure IPS decoder. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - Decoder name. type: str required: True
- parameter - IPS group parameters. type: list
- name - Parameter name. type: str required: True
- value - Parameter value. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS decoder.
fortios_ips_decoder:
vdom: "{{ vdom }}"
state: "present"
ips_decoder:
name: "default_name_3"
parameter:
-
name: "default_name_5"
value: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_global – Configure IPS global parameter in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- ips_global - Configure IPS global parameter. type: dict
- anomaly_mode - Global blocking mode for rate-based anomalies. type: str choices: periodical, continuous
- database - Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. type: str choices: regular, extended
- deep_app_insp_db_limit - Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting) type: int
- deep_app_insp_timeout - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). type: int
- engine_count - Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores. type: int
- exclude_signatures - Excluded signatures. type: str choices: none, industrial
- fail_open - Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. type: str choices: enable, disable
- intelligent_mode - Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. type: str choices: enable, disable
- session_limit_mode - Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). type: str choices: accurate, heuristic
- skype_client_public_ipaddr - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. type: str
- socket_size - IPS socket buffer size (0 - 256 MB). Default depends on available memory. Can be changed to tune performance. type: int
- sync_session_ttl - Enable/disable use of kernel session TTL for IPS sessions. type: str choices: enable, disable
- traffic_submit - Enable/disable submitting attack data found by this FortiGate to FortiGuard. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS global parameter.
fortios_ips_global:
vdom: "{{ vdom }}"
ips_global:
anomaly_mode: "periodical"
database: "regular"
deep_app_insp_db_limit: "5"
deep_app_insp_timeout: "6"
engine_count: "7"
exclude_signatures: "none"
fail_open: "enable"
intelligent_mode: "enable"
session_limit_mode: "accurate"
skype_client_public_ipaddr: "<your_own_value>"
socket_size: "13"
sync_session_ttl: "enable"
traffic_submit: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_rule – Configure IPS rules in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ips_rule - Configure IPS rules. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Action. type: str choices: pass, block
- application - Vulnerable applications. type: str
- date - Date. type: int
- group - Group. type: str
- location - Vulnerable location. type: str
- log - Enable/disable logging. type: str choices: disable, enable
- log_packet - Enable/disable packet logging. type: str choices: disable, enable
- metadata - Meta data. type: list
- id - ID. type: int required: True
- metaid - Meta ID. type: int
- valueid - Value ID. type: int
- name - Rule name. type: str required: True
- os - Vulnerable operation systems. type: str
- rev - Revision. type: int
- rule_id - Rule ID. type: int
- service - Vulnerable service. type: str
- severity - Severity. type: str
- status - Enable/disable status. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS rules.
fortios_ips_rule:
vdom: "{{ vdom }}"
state: "present"
ips_rule:
action: "pass"
application: "<your_own_value>"
date: "5"
group: "<your_own_value>"
location: "<your_own_value>"
log: "disable"
log_packet: "disable"
metadata:
-
id: "11"
metaid: "12"
valueid: "13"
name: "default_name_14"
os: "<your_own_value>"
rev: "16"
rule_id: "17"
service: "<your_own_value>"
severity: "<your_own_value>"
status: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_rule_settings – Configure IPS rule setting in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and rule_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ips_rule_settings - Configure IPS rule setting. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- id - Rule ID. type: int required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS rule setting.
fortios_ips_rule_settings:
vdom: "{{ vdom }}"
state: "present"
ips_rule_settings:
id: "3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_sensor – Configure IPS sensor in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and sensor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ips_sensor - Configure IPS sensor. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- block_malicious_url - Enable/disable malicious URL blocking. type: str choices: disable, enable
- comment - Comment. type: str
- entries - IPS sensor filter. type: list
- action - Action taken with traffic in which signatures are detected. type: str choices: pass, block, reset, default
- application - Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. type: str
- exempt_ip - Traffic from selected source or destination IP addresses is exempt from this signature. type: list
- dst_ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int required: True
- src_ip - Source IP address and netmask. type: str
- id - Rule ID in IPS database (0 - 4294967295). type: int required: True
- location - Protect client or server traffic. type: str
- log - Enable/disable logging of signatures included in filter. type: str choices: disable, enable
- log_attack_context - Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. type: str choices: disable, enable
- log_packet - Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. type: str choices: disable, enable
- os - Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. type: str
- protocol - Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. type: str
- quarantine - Quarantine method. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine. (Format type: str
- quarantine_log - Enable/disable quarantine logging. type: str choices: disable, enable
- rate_count - Count of the rate. type: int
- rate_duration - Duration (sec) of the rate. type: int
- rate_mode - Rate limit mode. type: str choices: periodical, continuous
- rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip, dhcp-client-mac, dns-domain
- rule - Identifies the predefined or custom IPS signatures to add to the sensor. type: list
- id - Rule IPS. type: int required: True
- severity - Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. type: str
- status - Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. type: str choices: disable, enable, default
- extended_log - Enable/disable extended logging. type: str choices: enable, disable
- filter - IPS sensor filter. type: list
- action - Action of selected rules. type: str choices: pass, block, reset, default
- application - Vulnerable application filter. type: str
- location - Vulnerability location filter. type: str
- log - Enable/disable logging of selected rules. type: str choices: disable, enable
- log_packet - Enable/disable packet logging of selected rules. type: str choices: disable, enable
- name - Filter name. type: str required: True
- os - Vulnerable OS filter. type: str
- protocol - Vulnerable protocol filter. type: str
- quarantine - Quarantine IP or interface. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine in minute. type: int
- quarantine_log - Enable/disable logging of selected quarantine. type: str choices: disable, enable
- severity - Vulnerability severity filter. type: str
- status - Selected rules status. type: str choices: disable, enable, default
- name - Sensor name. type: str required: True
- override - IPS override rule. type: list
- action - Action of override rule. type: str choices: pass, block, reset
- exempt_ip - Exempted IP. type: list
- dst_ip - Destination IP address and netmask. type: str
- id - Exempt IP ID. type: int required: True
- src_ip - Source IP address and netmask. type: str
- log - Enable/disable logging. type: str choices: disable, enable
- log_packet - Enable/disable packet logging. type: str choices: disable, enable
- quarantine - Quarantine IP or interface. type: str choices: none, attacker
- quarantine_expiry - Duration of quarantine in minute. type: int
- quarantine_log - Enable/disable logging of selected quarantine. type: str choices: disable, enable
- rule_id - Override rule ID. type: int
- status - Enable/disable status of override rule. type: str choices: disable, enable
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS sensor.
fortios_ips_sensor:
vdom: "{{ vdom }}"
state: "present"
ips_sensor:
block_malicious_url: "disable"
comment: "Comment."
entries:
-
action: "pass"
application: "<your_own_value>"
exempt_ip:
-
dst_ip: "<your_own_value>"
id: "10"
src_ip: "<your_own_value>"
id: "12"
location: "<your_own_value>"
log: "disable"
log_attack_context: "disable"
log_packet: "disable"
os: "<your_own_value>"
protocol: "<your_own_value>"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
rate_count: "22"
rate_duration: "23"
rate_mode: "periodical"
rate_track: "none"
rule:
-
id: "27"
severity: "<your_own_value>"
status: "disable"
extended_log: "enable"
filter:
-
action: "pass"
application: "<your_own_value>"
location: "<your_own_value>"
log: "disable"
log_packet: "disable"
name: "default_name_37"
os: "<your_own_value>"
protocol: "<your_own_value>"
quarantine: "none"
quarantine_expiry: "41"
quarantine_log: "disable"
severity: "<your_own_value>"
status: "disable"
name: "default_name_45"
override:
-
action: "pass"
exempt_ip:
-
dst_ip: "<your_own_value>"
id: "50"
src_ip: "<your_own_value>"
log: "disable"
log_packet: "disable"
quarantine: "none"
quarantine_expiry: "55"
quarantine_log: "disable"
rule_id: "57"
status: "disable"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ips_settings – Configure IPS VDOM parameter in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ips feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- ips_settings - Configure IPS VDOM parameter. type: dict
- ips_packet_quota - Maximum amount of disk space in MB for logged packets when logging to disk. Range depends on disk size. type: int
- packet_log_history - Number of packets to capture before and including the one in which the IPS signature is detected (1 - 255). type: int
- packet_log_memory - Maximum memory can be used by packet log (64 - 8192 kB). type: int
- packet_log_post_attack - Number of packets to log after the IPS signature is detected (0 - 255). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS VDOM parameter.
fortios_ips_settings:
vdom: "{{ vdom }}"
ips_settings:
ips_packet_quota: "3"
packet_log_history: "4"
packet_log_memory: "5"
packet_log_post_attack: "6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_custom_field – Configure custom log fields in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and custom_field category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- log_custom_field - Configure custom log fields. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- id - field ID
. type: str required: True - name - Field name (max: 15 characters). type: str
- value - Field value (max: 15 characters). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom log fields.
fortios_log_custom_field:
vdom: "{{ vdom }}"
state: "present"
log_custom_field:
id: "3"
name: "default_name_4"
value: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_disk_filter – Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_disk_filter - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. type: dict
- admin - Enable/disable admin login/logout logging. type: str choices: enable, disable
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- auth - Enable/disable firewall authentication logging. type: str choices: enable, disable
- cpu_memory_usage - Enable/disable CPU & memory usage logging every 5 minutes. type: str choices: enable, disable
- dhcp - Enable/disable DHCP service messages logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- event - Enable/disable event logging. type: str choices: enable, disable
- filter - Disk log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- ha - Enable/disable HA logging. type: str choices: enable, disable
- ipsec - Enable/disable IPsec negotiation messages logging. type: str choices: enable, disable
- ldb_monitor - Enable/disable VIP real server health monitoring logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- pattern - Enable/disable pattern update logging. type: str choices: enable, disable
- ppp - Enable/disable L2TP/PPTP/PPPoE logging. type: str choices: enable, disable
- radius - Enable/disable RADIUS messages logging. type: str choices: enable, disable
- severity - Log to disk every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- sslvpn_log_adm - Enable/disable SSL administrator login logging. type: str choices: enable, disable
- sslvpn_log_auth - Enable/disable SSL user authentication logging. type: str choices: enable, disable
- sslvpn_log_session - Enable/disable SSL session logging. type: str choices: enable, disable
- system - Enable/disable system activity logging. type: str choices: enable, disable
- vip_ssl - Enable/disable VIP SSL logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
- wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable
- wireless_activity - Enable/disable wireless activity event logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type.
fortios_log_disk_filter:
vdom: "{{ vdom }}"
log_disk_filter:
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu_memory_usage: "enable"
dhcp: "enable"
dlp_archive: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb_monitor: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
sslvpn_log_adm: "enable"
sslvpn_log_auth: "enable"
sslvpn_log_session: "enable"
system: "enable"
vip_ssl: "enable"
voip: "enable"
wan_opt: "enable"
wireless_activity: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_disk_setting – Settings for local disk logging in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_disk feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_disk_setting - Settings for local disk logging. type: dict
- diskfull - Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full . type: str choices: overwrite, nolog
- dlp_archive_quota - DLP archive quota (MB). type: int
- full_final_warning_threshold - Log full final warning threshold as a percent (3 - 100). type: int
- full_first_warning_threshold - Log full first warning threshold as a percent (1 - 98). type: int
- full_second_warning_threshold - Log full second warning threshold as a percent (2 - 99). type: int
- ips_archive - Enable/disable IPS packet archiving to the local disk. type: str choices: enable, disable
- log_quota - Disk log quota (MB). type: int
- max_log_file_size - Maximum log file size before rolling (1 - 100 Mbytes). type: int
- max_policy_packet_capture_size - Maximum size of policy sniffer in MB (0 means unlimited). type: int
- maximum_log_age - Delete log files older than (days). type: int
- report_quota - Report quota (MB). type: int
- roll_day - Day of week on which to roll log file. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
- roll_schedule - Frequency to check log file for rolling. type: str choices: daily, weekly
- roll_time - Time of day to roll the log file (hh:mm). type: str
- source_ip - Source IP address to use for uploading disk log files. type: str
- status - Enable/disable local disk logging. type: str choices: enable, disable
- upload - Enable/disable uploading log files when they are rolled. type: str choices: enable, disable
- upload_delete_files - Delete log files after uploading . type: str choices: enable, disable
- upload_destination - The type of server to upload log files to. Only FTP is currently supported. type: str choices: ftp-server
- upload_ssl_conn - Enable/disable encrypted FTPS communication to upload log files. type: str choices: default, high, low, disable
- uploaddir - The remote directory on the FTP server to upload log files to. type: str
- uploadip - IP address of the FTP server to upload log files to. type: str
- uploadpass - Password required to log into the FTP server to upload disk log files. type: str
- uploadport - TCP port to use for communicating with the FTP server . type: int
- uploadsched - Set the schedule for uploading log files to the FTP server . type: str choices: disable, enable
- uploadtime - Time of day at which log files are uploaded if uploadsched is enabled (hh:mm or hh). type: str
- uploadtype - Types of log files to upload. Separate multiple entries with a space. type: str choices: traffic, event, virus, webfilter, IPS, spamfilter, dlp-archive, anomaly, voip, dlp, app-ctrl, waf, netscan, gtp, dns
- uploaduser - Username required to log into the FTP server to upload disk log files. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Settings for local disk logging.
fortios_log_disk_setting:
vdom: "{{ vdom }}"
log_disk_setting:
diskfull: "overwrite"
dlp_archive_quota: "4"
full_final_warning_threshold: "5"
full_first_warning_threshold: "6"
full_second_warning_threshold: "7"
ips_archive: "enable"
log_quota: "9"
max_log_file_size: "10"
max_policy_packet_capture_size: "11"
maximum_log_age: "12"
report_quota: "13"
roll_day: "sunday"
roll_schedule: "daily"
roll_time: "<your_own_value>"
source_ip: "84.230.14.43"
status: "enable"
upload: "enable"
upload_delete_files: "enable"
upload_destination: "ftp-server"
upload_ssl_conn: "default"
uploaddir: "<your_own_value>"
uploadip: "<your_own_value>"
uploadpass: "<your_own_value>"
uploadport: "26"
uploadsched: "disable"
uploadtime: "<your_own_value>"
uploadtype: "traffic"
uploaduser: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_eventfilter – Configure log event filters in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and eventfilter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_eventfilter - Configure log event filters. type: dict
- compliance_check - Enable/disable PCI DSS compliance check logging. type: str choices: enable, disable
- endpoint - Enable/disable endpoint event logging. type: str choices: enable, disable
- event - Enable/disable event logging. type: str choices: enable, disable
- ha - Enable/disable ha event logging. type: str choices: enable, disable
- router - Enable/disable router event logging. type: str choices: enable, disable
- security_rating - Enable/disable Security Rating result logging. type: str choices: enable, disable
- system - Enable/disable system event logging. type: str choices: enable, disable
- user - Enable/disable user authentication event logging. type: str choices: enable, disable
- vpn - Enable/disable VPN event logging. type: str choices: enable, disable
- wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable
- wireless_activity - Enable/disable wireless event logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure log event filters.
fortios_log_eventfilter:
vdom: "{{ vdom }}"
log_eventfilter:
compliance_check: "enable"
endpoint: "enable"
event: "enable"
ha: "enable"
router: "enable"
security_rating: "enable"
system: "enable"
user: "enable"
vpn: "enable"
wan_opt: "enable"
wireless_activity: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer2_filter – Filters for FortiAnalyzer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer2_filter - Filters for FortiAnalyzer. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiAnalyzer 2 log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Log every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer2_filter:
vdom: "{{ vdom }}"
log_fortianalyzer2_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer2_setting – Global FortiAnalyzer settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer2_setting - Global FortiAnalyzer settings. type: dict
- __change_ip - Hidden attribute. type: int
- certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str
- conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int
- enc_algorithm - Enable/disable sending FortiAnalyzer log data with SSL encryption. type: str choices: high-medium, high, low
- faz_type - Hidden setting index of FortiAnalyzer. type: int
- hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1
- ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable
- mgmt_name - Hidden management name of FortiAnalyzer. type: str
- monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int
- monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int
- reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable
- server - The remote FortiAnalyzer. type: str
- source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable
- upload_day - Day of week (month) to upload logs. type: str
- upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly
- upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time to upload logs (hh:mm). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer2_setting:
vdom: "{{ vdom }}"
log_fortianalyzer2_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer3_filter – Filters for FortiAnalyzer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer3_filter - Filters for FortiAnalyzer. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiAnalyzer 3 log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer3_filter:
vdom: "{{ vdom }}"
log_fortianalyzer3_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer3_setting – Global FortiAnalyzer settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer3_setting - Global FortiAnalyzer settings. type: dict
- __change_ip - Hidden attribute. type: int
- certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str
- conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int
- enc_algorithm - Enable/disable sending FortiAnalyzer log data with SSL encryption. type: str choices: high-medium, high, low
- faz_type - Hidden setting index of FortiAnalyzer. type: int
- hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1
- ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable
- mgmt_name - Hidden management name of FortiAnalyzer. type: str
- monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int
- monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int
- reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable
- server - The remote FortiAnalyzer. type: str
- source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable
- upload_day - Day of week (month) to upload logs. type: str
- upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly
- upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time to upload logs (hh:mm). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer3_setting:
vdom: "{{ vdom }}"
log_fortianalyzer3_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer_filter – Filters for FortiAnalyzer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer_filter - Filters for FortiAnalyzer. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiAnalyzer log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for FortiAnalyzer.
fortios_log_fortianalyzer_filter:
vdom: "{{ vdom }}"
log_fortianalyzer_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer_override_filter – Override filters for FortiAnalyzer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer_override_filter - Override filters for FortiAnalyzer. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiAnalyzer log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override filters for FortiAnalyzer.
fortios_log_fortianalyzer_override_filter:
vdom: "{{ vdom }}"
log_fortianalyzer_override_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer_override_setting – Override FortiAnalyzer settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer_override_setting - Override FortiAnalyzer settings. type: dict
- __change_ip - Hidden attribute. type: int
- certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str
- conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int
- enc_algorithm - Enable/disable sending FortiAnalyzer log data with SSL encryption. type: str choices: high-medium, high, low
- faz_type - Hidden setting index of FortiAnalyzer. type: int
- hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1
- ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable
- mgmt_name - Hidden management name of FortiAnalyzer. type: str
- monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int
- monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int
- override - Enable/disable overriding FortiAnalyzer settings or use global settings. type: str choices: enable, disable
- reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable
- server - The remote FortiAnalyzer. type: str
- source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable
- upload_day - Day of week (month) to upload logs. type: str
- upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly
- upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time to upload logs (hh:mm). type: str
- use_management_vdom - Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override FortiAnalyzer settings.
fortios_log_fortianalyzer_override_setting:
vdom: "{{ vdom }}"
log_fortianalyzer_override_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
override: "enable"
reliable: "enable"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
use_management_vdom: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortianalyzer_setting – Global FortiAnalyzer settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortianalyzer feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortianalyzer_setting - Global FortiAnalyzer settings. type: dict
- __change_ip - Hidden attribute. type: int
- certificate - Certificate used to communicate with FortiAnalyzer. Source certificate.local.name. type: str
- conn_timeout - FortiAnalyzer connection time-out in seconds (for status and log buffer). type: int
- enc_algorithm - Enable/disable sending FortiAnalyzer log data with SSL encryption. type: str choices: high-medium, high, low
- faz_type - Hidden setting index of FortiAnalyzer. type: int
- hmac_algorithm - FortiAnalyzer IPsec tunnel HMAC algorithm. type: str choices: sha256, sha1
- ips_archive - Enable/disable IPS packet archive logging. type: str choices: enable, disable
- mgmt_name - Hidden management name of FortiAnalyzer. type: str
- monitor_failure_retry_period - Time between FortiAnalyzer connection retries in seconds (for status and log buffer). type: int
- monitor_keepalive_period - Time between OFTP keepalives in seconds (for status and log buffer). type: int
- reliable - Enable/disable reliable logging to FortiAnalyzer. type: str choices: enable, disable
- server - The remote FortiAnalyzer. type: str
- source_ip - Source IPv4 or IPv6 address used to communicate with FortiAnalyzer. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable logging to FortiAnalyzer. type: str choices: enable, disable
- upload_day - Day of week (month) to upload logs. type: str
- upload_interval - Frequency to upload log files to FortiAnalyzer. type: str choices: daily, weekly, monthly
- upload_option - Enable/disable logging to hard disk and then uploading to FortiAnalyzer. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time to upload logs (hh:mm). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global FortiAnalyzer settings.
fortios_log_fortianalyzer_setting:
vdom: "{{ vdom }}"
log_fortianalyzer_setting:
__change_ip: "3"
certificate: "<your_own_value> (source certificate.local.name)"
conn_timeout: "5"
enc_algorithm: "high-medium"
faz_type: "7"
hmac_algorithm: "sha256"
ips_archive: "enable"
mgmt_name: "<your_own_value>"
monitor_failure_retry_period: "11"
monitor_keepalive_period: "12"
reliable: "enable"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortiguard_filter – Filters for FortiCloud in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortiguard_filter - Filters for FortiCloud. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiCloud log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for FortiCloud.
fortios_log_fortiguard_filter:
vdom: "{{ vdom }}"
log_fortiguard_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortiguard_override_filter – Override filters for FortiCloud in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortiguard_override_filter - Override filters for FortiCloud. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dlp_archive - Enable/disable DLP archive logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - FortiCloud log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override filters for FortiCloud.
fortios_log_fortiguard_override_filter:
vdom: "{{ vdom }}"
log_fortiguard_override_filter:
anomaly: "enable"
dlp_archive: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortiguard_override_setting – Override global FortiCloud logging settings for this VDOM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortiguard_override_setting - Override global FortiCloud logging settings for this VDOM. type: dict
- override - Overriding FortiCloud settings for this VDOM or use global settings. type: str choices: enable, disable
- status - Enable/disable logging to FortiCloud. type: str choices: enable, disable
- upload_day - Day of week to roll logs. type: str
- upload_interval - Frequency of uploading log files to FortiCloud. type: str choices: daily, weekly, monthly
- upload_option - Configure how log messages are sent to FortiCloud. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time of day to roll logs (hh:mm). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override global FortiCloud logging settings for this VDOM.
fortios_log_fortiguard_override_setting:
vdom: "{{ vdom }}"
log_fortiguard_override_setting:
override: "enable"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_fortiguard_setting – Configure logging to FortiCloud in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_fortiguard feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_fortiguard_setting - Configure logging to FortiCloud. type: dict
- enc_algorithm - Enable and set the SSL security level for for sending encrypted logs to FortiCloud. type: str choices: high-medium, high, low
- source_ip - Source IP address used to connect FortiCloud. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable logging to FortiCloud. type: str choices: enable, disable
- upload_day - Day of week to roll logs. type: str
- upload_interval - Frequency of uploading log files to FortiCloud. type: str choices: daily, weekly, monthly
- upload_option - Configure how log messages are sent to FortiCloud. type: str choices: store-and-upload, realtime, 1-minute, 5-minute
- upload_time - Time of day to roll logs (hh:mm). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure logging to FortiCloud.
fortios_log_fortiguard_setting:
vdom: "{{ vdom }}"
log_fortiguard_setting:
enc_algorithm: "high-medium"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
upload_day: "<your_own_value>"
upload_interval: "daily"
upload_option: "store-and-upload"
upload_time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_gui_display – Configure how log messages are displayed on the GUI in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and gui_display category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_gui_display - Configure how log messages are displayed on the GUI. type: dict
- fortiview_unscanned_apps - Enable/disable showing unscanned traffic in FortiView application charts. type: str choices: enable, disable
- resolve_apps - Resolve unknown applications on the GUI using Fortinet"s remote application database. type: str choices: enable, disable
- resolve_hosts - Enable/disable resolving IP addresses to hostname in log messages on the GUI using reverse DNS lookup type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure how log messages are displayed on the GUI.
fortios_log_gui_display:
vdom: "{{ vdom }}"
log_gui_display:
fortiview_unscanned_apps: "enable"
resolve_apps: "enable"
resolve_hosts: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_memory_filter – Filters for memory buffer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_memory_filter - Filters for memory buffer. type: dict
- admin - Enable/disable admin login/logout logging. type: str choices: enable, disable
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- auth - Enable/disable firewall authentication logging. type: str choices: enable, disable
- cpu_memory_usage - Enable/disable CPU & memory usage logging every 5 minutes. type: str choices: enable, disable
- dhcp - Enable/disable DHCP service messages logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- event - Enable/disable event logging. type: str choices: enable, disable
- filter - Memory log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- ha - Enable/disable HA logging. type: str choices: enable, disable
- ipsec - Enable/disable IPsec negotiation messages logging. type: str choices: enable, disable
- ldb_monitor - Enable/disable VIP real server health monitoring logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- pattern - Enable/disable pattern update logging. type: str choices: enable, disable
- ppp - Enable/disable L2TP/PPTP/PPPoE logging. type: str choices: enable, disable
- radius - Enable/disable RADIUS messages logging. type: str choices: enable, disable
- severity - Log every message above and including this severity level. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- sslvpn_log_adm - Enable/disable SSL administrator login logging. type: str choices: enable, disable
- sslvpn_log_auth - Enable/disable SSL user authentication logging. type: str choices: enable, disable
- sslvpn_log_session - Enable/disable SSL session logging. type: str choices: enable, disable
- system - Enable/disable system activity logging. type: str choices: enable, disable
- vip_ssl - Enable/disable VIP SSL logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
- wan_opt - Enable/disable WAN optimization event logging. type: str choices: enable, disable
- wireless_activity - Enable/disable wireless activity event logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for memory buffer.
fortios_log_memory_filter:
vdom: "{{ vdom }}"
log_memory_filter:
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu_memory_usage: "enable"
dhcp: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb_monitor: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
sslvpn_log_adm: "enable"
sslvpn_log_auth: "enable"
sslvpn_log_session: "enable"
system: "enable"
vip_ssl: "enable"
voip: "enable"
wan_opt: "enable"
wireless_activity: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_memory_global_setting – Global settings for memory logging in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and global_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_memory_global_setting - Global settings for memory logging. type: dict
- full_final_warning_threshold - Log full final warning threshold as a percent (3 - 100). type: int
- full_first_warning_threshold - Log full first warning threshold as a percent (1 - 98). type: int
- full_second_warning_threshold - Log full second warning threshold as a percent (2 - 99). type: int
- max_size - Maximum amount of memory that can be used for memory logging in bytes. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global settings for memory logging.
fortios_log_memory_global_setting:
vdom: "{{ vdom }}"
log_memory_global_setting:
full_final_warning_threshold: "3"
full_first_warning_threshold: "4"
full_second_warning_threshold: "5"
max_size: "6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_memory_setting – Settings for memory buffer in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_memory feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_memory_setting - Settings for memory buffer. type: dict
- diskfull - Action to take when memory is full. type: str choices: overwrite
- status - Enable/disable logging to the FortiGate"s memory. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Settings for memory buffer.
fortios_log_memory_setting:
vdom: "{{ vdom }}"
log_memory_setting:
diskfull: "overwrite"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_null_device_filter – Filters for null device logging in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_null_device feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_null_device_filter - Filters for null device logging. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Null-device log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for null device logging.
fortios_log_null_device_filter:
vdom: "{{ vdom }}"
log_null_device_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_null_device_setting – Settings for null device logging in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_null_device feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_null_device_setting - Settings for null device logging. type: dict
- status - Enable/disable statistics collection for when no external logging destination, such as FortiAnalyzer, is present (data is not saved). type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Settings for null device logging.
fortios_log_null_device_setting:
vdom: "{{ vdom }}"
log_null_device_setting:
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_setting – Configure general log settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_setting - Configure general log settings. type: dict
- brief_traffic_format - Enable/disable brief format traffic logging. type: str choices: enable, disable
- custom_log_fields - Custom fields to append to all log messages. type: list
- field_id - Custom log field. Source log.custom-field.id. type: str
- daemon_log - Enable/disable daemon logging. type: str choices: enable, disable
- expolicy_implicit_log - Enable/disable explicit proxy firewall implicit policy logging. type: str choices: enable, disable
- fwpolicy_implicit_log - Enable/disable implicit firewall policy logging. type: str choices: enable, disable
- fwpolicy6_implicit_log - Enable/disable implicit firewall policy6 logging. type: str choices: enable, disable
- local_in_allow - Enable/disable local-in-allow logging. type: str choices: enable, disable
- local_in_deny_broadcast - Enable/disable local-in-deny-broadcast logging. type: str choices: enable, disable
- local_in_deny_unicast - Enable/disable local-in-deny-unicast logging. type: str choices: enable, disable
- local_out - Enable/disable local-out logging. type: str choices: enable, disable
- log_invalid_packet - Enable/disable invalid packet traffic logging. type: str choices: enable, disable
- log_policy_comment - Enable/disable inserting policy comments into traffic logs. type: str choices: enable, disable
- log_policy_name - Enable/disable inserting policy name into traffic logs. type: str choices: enable, disable
- log_user_in_upper - Enable/disable logs with user-in-upper. type: str choices: enable, disable
- neighbor_event - Enable/disable neighbor event logging. type: str choices: enable, disable
- resolve_ip - Enable/disable adding resolved domain names to traffic logs if possible. type: str choices: enable, disable
- resolve_port - Enable/disable adding resolved service names to traffic logs. type: str choices: enable, disable
- user_anonymize - Enable/disable anonymizing user names in log messages. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure general log settings.
fortios_log_setting:
vdom: "{{ vdom }}"
log_setting:
brief_traffic_format: "enable"
custom_log_fields:
-
field_id: "<your_own_value> (source log.custom-field.id)"
daemon_log: "enable"
expolicy_implicit_log: "enable"
fwpolicy_implicit_log: "enable"
fwpolicy6_implicit_log: "enable"
local_in_allow: "enable"
local_in_deny_broadcast: "enable"
local_in_deny_unicast: "enable"
local_out: "enable"
log_invalid_packet: "enable"
log_policy_comment: "enable"
log_policy_name: "enable"
log_user_in_upper: "enable"
neighbor_event: "enable"
resolve_ip: "enable"
resolve_port: "enable"
user_anonymize: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd2_filter – Filters for remote system server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd2_filter - Filters for remote system server. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Syslog 2 filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for remote system server.
fortios_log_syslogd2_filter:
vdom: "{{ vdom }}"
log_syslogd2_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd2_setting – Global settings for remote syslog server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd2 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd2_setting - Global settings for remote syslog server. type: dict
- certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str
- custom_field_name - Custom field name for CEF format logging. type: list
- custom - Field custom name. type: str
- id - Entry ID. type: int required: True
- name - Field name. type: str
- enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable
- facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- format - Log format. type: str choices: default, csv, cef
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- source_ip - Source IP address of syslog. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable remote syslog logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd2_setting:
vdom: "{{ vdom }}"
log_syslogd2_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd3_filter – Filters for remote system server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd3_filter - Filters for remote system server. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Syslog 3 filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for remote system server.
fortios_log_syslogd3_filter:
vdom: "{{ vdom }}"
log_syslogd3_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd3_setting – Global settings for remote syslog server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd3 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd3_setting - Global settings for remote syslog server. type: dict
- certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str
- custom_field_name - Custom field name for CEF format logging. type: list
- custom - Field custom name. type: str
- id - Entry ID. type: int required: True
- name - Field name. type: str
- enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable
- facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- format - Log format. type: str choices: default, csv, cef
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- source_ip - Source IP address of syslog. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable remote syslog logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd3_setting:
vdom: "{{ vdom }}"
log_syslogd3_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd4_filter – Filters for remote system server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd4_filter - Filters for remote system server. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Syslog 4 filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for remote system server.
fortios_log_syslogd4_filter:
vdom: "{{ vdom }}"
log_syslogd4_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd4_setting – Global settings for remote syslog server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd4 feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd4_setting - Global settings for remote syslog server. type: dict
- certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str
- custom_field_name - Custom field name for CEF format logging. type: list
- custom - Field custom name. type: str
- id - Entry ID. type: int required: True
- name - Field name. type: str
- enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable
- facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- format - Log format. type: str choices: default, csv, cef
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- source_ip - Source IP address of syslog. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable remote syslog logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd4_setting:
vdom: "{{ vdom }}"
log_syslogd4_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd_filter – Filters for remote system server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd_filter - Filters for remote system server. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Syslog filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for remote system server.
fortios_log_syslogd_filter:
vdom: "{{ vdom }}"
log_syslogd_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd_override_filter – Override filters for remote system server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and override_filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd_override_filter - Override filters for remote system server. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Syslog filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override filters for remote system server.
fortios_log_syslogd_override_filter:
vdom: "{{ vdom }}"
log_syslogd_override_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd_override_setting – Override settings for remote syslog server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and override_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd_override_setting - Override settings for remote syslog server. type: dict
- certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str
- custom_field_name - Custom field name for CEF format logging. type: list
- custom - Field custom name. type: str
- id - Entry ID. type: int required: True
- name - Field name. type: str
- enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable
- facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- format - Log format. type: str choices: default, csv, cef
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable
- override - Enable/disable override syslog settings. type: str choices: enable, disable
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- source_ip - Source IP address of syslog. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable remote syslog logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Override settings for remote syslog server.
fortios_log_syslogd_override_setting:
vdom: "{{ vdom }}"
log_syslogd_override_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
override: "enable"
port: "13"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_syslogd_setting – Global settings for remote syslog server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_syslogd feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_syslogd_setting - Global settings for remote syslog server. type: dict
- certificate - Certificate used to communicate with Syslog server. Source certificate.local.name. type: str
- custom_field_name - Custom field name for CEF format logging. type: list
- custom - Field custom name. type: str
- id - Entry ID. type: int required: True
- name - Field name. type: str
- enc_algorithm - Enable/disable reliable syslogging with TLS encryption. type: str choices: high-medium, high, low, disable
- facility - Remote syslog facility. type: str choices: kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- format - Log format. type: str choices: default, csv, cef
- mode - Remote syslog logging over UDP/Reliable TCP. type: str choices: udp, legacy-reliable, reliable
- port - Server listen port. type: int
- server - Address of remote syslog server. type: str
- source_ip - Source IP address of syslog. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable remote syslog logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global settings for remote syslog server.
fortios_log_syslogd_setting:
vdom: "{{ vdom }}"
log_syslogd_setting:
certificate: "<your_own_value> (source certificate.local.name)"
custom_field_name:
-
custom: "<your_own_value>"
id: "6"
name: "default_name_7"
enc_algorithm: "high-medium"
facility: "kernel"
format: "default"
mode: "udp"
port: "12"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_threat_weight – Configure threat weight settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log feature and threat_weight category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_threat_weight - Configure threat weight settings. type: dict
- application - Application-control threat weight settings. type: list
- category - Application category. type: int
- id - Entry ID. type: int required: True
- level - Threat weight score for Application events. type: str choices: disable, low, medium, high, critical
- blocked_connection - Threat weight score for blocked connections. type: str choices: disable, low, medium, high, critical
- failed_connection - Threat weight score for failed connections. type: str choices: disable, low, medium, high, critical
- geolocation - Geolocation-based threat weight settings. type: list
- country - Country code. type: str
- id - Entry ID. type: int required: True
- level - Threat weight score for Geolocation-based events. type: str choices: disable, low, medium, high, critical
- ips - IPS threat weight settings. type: dict
- critical_severity - Threat weight score for IPS critical severity events. type: str choices: disable, low, medium, high, critical
- high_severity - Threat weight score for IPS high severity events. type: str choices: disable, low, medium, high, critical
- info_severity - Threat weight score for IPS info severity events. type: str choices: disable, low, medium, high, critical
- low_severity - Threat weight score for IPS low severity events. type: str choices: disable, low, medium, high, critical
- medium_severity - Threat weight score for IPS medium severity events. type: str choices: disable, low, medium, high, critical
- level - Score mapping for threat weight levels. type: dict
- critical - Critical level score value (1 - 100). type: int
- high - High level score value (1 - 100). type: int
- low - Low level score value (1 - 100). type: int
- medium - Medium level score value (1 - 100). type: int
- malware - Anti-virus malware threat weight settings. type: dict
- botnet_connection - Threat weight score for detected botnet connections. type: str choices: disable, low, medium, high, critical
- command_blocked - Threat weight score for blocked command detected. type: str choices: disable, low, medium, high, critical
- content_disarm - Threat weight score for virus (content disarm) detected. type: str choices: disable, low, medium, high, critical
- mimefragmented - Threat weight score for mimefragmented detected. type: str choices: disable, low, medium, high, critical
- oversized - Threat weight score for oversized file detected. type: str choices: disable, low, medium, high, critical
- switch_proto - Threat weight score for switch proto detected. type: str choices: disable, low, medium, high, critical
- virus_blocked - Threat weight score for virus (blocked) detected. type: str choices: disable, low, medium, high, critical
- virus_file_type_executable - Threat weight score for virus (filetype executable) detected. type: str choices: disable, low, medium, high, critical
- virus_infected - Threat weight score for virus (infected) detected. type: str choices: disable, low, medium, high, critical
- virus_outbreak_prevention - Threat weight score for virus (outbreak prevention) event. type: str choices: disable, low, medium, high, critical
- virus_scan_error - Threat weight score for virus (scan error) detected. type: str choices: disable, low, medium, high, critical
- status - Enable/disable the threat weight feature. type: str choices: enable, disable
- url_block_detected - Threat weight score for URL blocking. type: str choices: disable, low, medium, high, critical
- web - Web filtering threat weight settings. type: list
- category - Threat weight score for web category filtering matches. type: int
- id - Entry ID. type: int required: True
- level - Threat weight score for web category filtering matches. type: str choices: disable, low, medium, high, critical
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure threat weight settings.
fortios_log_threat_weight:
vdom: "{{ vdom }}"
log_threat_weight:
application:
-
category: "4"
id: "5"
level: "disable"
blocked_connection: "disable"
failed_connection: "disable"
geolocation:
-
country: "<your_own_value>"
id: "11"
level: "disable"
ips:
critical_severity: "disable"
high_severity: "disable"
info_severity: "disable"
low_severity: "disable"
medium_severity: "disable"
level:
critical: "20"
high: "21"
low: "22"
medium: "23"
malware:
botnet_connection: "disable"
command_blocked: "disable"
content_disarm: "disable"
mimefragmented: "disable"
oversized: "disable"
switch_proto: "disable"
virus_blocked: "disable"
virus_file_type_executable: "disable"
virus_infected: "disable"
virus_outbreak_prevention: "disable"
virus_scan_error: "disable"
status: "enable"
url_block_detected: "disable"
web:
-
category: "39"
id: "40"
level: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_webtrends_filter – Filters for WebTrends in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_webtrends feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_webtrends_filter - Filters for WebTrends. type: dict
- anomaly - Enable/disable anomaly logging. type: str choices: enable, disable
- dns - Enable/disable detailed DNS event logging. type: str choices: enable, disable
- filter - Webtrends log filter. type: str
- filter_type - Include/exclude logs that match the filter. type: str choices: include, exclude
- forward_traffic - Enable/disable forward traffic logging. type: str choices: enable, disable
- gtp - Enable/disable GTP messages logging. type: str choices: enable, disable
- local_traffic - Enable/disable local in or out traffic logging. type: str choices: enable, disable
- multicast_traffic - Enable/disable multicast traffic logging. type: str choices: enable, disable
- netscan_discovery - Enable/disable netscan discovery event logging. type: str
- netscan_vulnerability - Enable/disable netscan vulnerability event logging. type: str
- severity - Lowest severity level to log to WebTrends. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- sniffer_traffic - Enable/disable sniffer traffic logging. type: str choices: enable, disable
- ssh - Enable/disable SSH logging. type: str choices: enable, disable
- voip - Enable/disable VoIP logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Filters for WebTrends.
fortios_log_webtrends_filter:
vdom: "{{ vdom }}"
log_webtrends_filter:
anomaly: "enable"
dns: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
voip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_log_webtrends_setting – Settings for WebTrends in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify log_webtrends feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- log_webtrends_setting - Settings for WebTrends. type: dict
- server - Address of the remote WebTrends server. type: str
- status - Enable/disable logging to WebTrends. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Settings for WebTrends.
fortios_log_webtrends_setting:
vdom: "{{ vdom }}"
log_webtrends_setting:
server: "192.168.100.40"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_registration_forticare – Add a FortiCare license in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify registration feature and forticare category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- registration_forticare - Add a FortiCare license. type: dict
- registration_code - FortiCare contract number. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: no
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 80
tasks:
- name: Add a FortiCare license.
fortios_registration_forticare:
vdom: "{{ vdom }}"
registration_forticare:
registration_code: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: POST
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: forticare
- path - Path of the table used to fulfill the request returned: always type: str sample: registration
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_registration_vdom – Add a VDOM license in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify registration feature and vdom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- registration_vdom - Add a VDOM license. type: dict
- license - VDOM license key. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: no
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 80
tasks:
- name: Add a VDOM license.
fortios_registration_vdom:
vdom: "{{ vdom }}"
registration_vdom:
license: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: POST
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: vdom
- path - Path of the table used to fulfill the request returned: always type: str sample: registration
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_chart – Report chart widget configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and chart category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- report_chart - Report chart widget configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- background - Chart background. type: str
- category - Category. type: str choices: misc, traffic, event, virus, webfilter, attack, spam, dlp, app-ctrl, vulnerability
- category_series - Category series of pie chart. type: dict
- databind - Category series value expression. type: str
- font_size - Font size of category-series title. type: int
- color_palette - Color palette (system will pick color automatically by default). type: str
- column - Table column definition. type: list
- detail_unit - Detail unit of column. type: str
- detail_value - Detail value of column. type: str
- footer_unit - Footer unit of column. type: str
- footer_value - Footer value of column. type: str
- header_value - Display name of table header. type: str
- id - ID. type: int required: True
- mapping - Show detail in certain display value for certain condition. type: list
- displayname - Display name. type: str
- id - id type: int required: True
- op - Comparision operater. type: str choices: none, greater, greater-equal, less, less-equal, equal, between
- value_type - Value type. type: str choices: integer, string
- value1 - Value 1. type: str
- value2 - Value 2. type: str
- comments - Comment. type: str
- dataset - Bind dataset to chart. type: str
- dimension - Dimension. type: str choices: 2D, 3D
- drill_down_charts - Drill down charts. type: list
- chart_name - Drill down chart name. type: str
- id - Drill down chart ID. type: int required: True
- status - Enable/disable this drill down chart. type: str choices: enable, disable
- favorite - Favorite. type: str choices: False, True
- graph_type - Graph type. type: str choices: none, bar, pie, line, flow
- legend - Enable/Disable Legend area. type: str choices: enable, disable
- legend_font_size - Font size of legend area. type: int
- name - Chart Widget Name type: str required: True
- period - Time period. type: str choices: last24h, last7d
- policy - Used by monitor policy. type: int
- style - Style. type: str choices: auto, manual
- title - Chart title. type: str
- title_font_size - Font size of chart title. type: int
- type - Chart type. type: str choices: graph, table
- value_series - Value series of pie chart. type: dict
- databind - Value series value expression. type: str
- x_series - X-series of chart. type: dict
- caption - X-series caption. type: str
- caption_font_size - X-series caption font size. type: int
- databind - X-series value expression. type: str
- font_size - X-series label font size. type: int
- is_category - X-series represent category or not. type: str choices: True, False
- label_angle - X-series label angle. type: str choices: 45-degree, vertical, horizontal
- scale_direction - Scale increase or decrease. type: str choices: decrease, increase
- scale_format - Date/time format. type: str choices: YYYY-MM-DD-HH-MM, YYYY-MM-DD HH, YYYY-MM-DD, YYYY-MM, YYYY, HH-MM, MM-DD
- scale_step - Scale step. type: int
- scale_unit - Scale unit. type: str choices: minute, hour, day, month, year
- unit - X-series unit. type: str
- y_series - Y-series of chart. type: dict
- caption - Y-series caption. type: str
- caption_font_size - Y-series caption font size. type: int
- databind - Y-series value expression. type: str
- extra_databind - Extra Y-series value. type: str
- extra_y - Allow another Y-series value type: str choices: enable, disable
- extra_y_legend - Extra Y-series legend type/name. type: str
- font_size - Y-series label font size. type: int
- group - Y-series group option. type: str
- label_angle - Y-series label angle. type: str choices: 45-degree, vertical, horizontal
- unit - Y-series unit. type: str
- y_legend - First Y-series legend type/name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report chart widget configuration.
fortios_report_chart:
vdom: "{{ vdom }}"
state: "present"
report_chart:
background: "<your_own_value>"
category: "misc"
category_series:
databind: "<your_own_value>"
font_size: "7"
color_palette: "<your_own_value>"
column:
-
detail_unit: "<your_own_value>"
detail_value: "<your_own_value>"
footer_unit: "<your_own_value>"
footer_value: "<your_own_value>"
header_value: "<your_own_value>"
id: "15"
mapping:
-
displayname: "<your_own_value>"
id: "18"
op: "none"
value_type: "integer"
value1: "<your_own_value>"
value2: "<your_own_value>"
comments: "<your_own_value>"
dataset: "<your_own_value>"
dimension: "2D"
drill_down_charts:
-
chart_name: "<your_own_value>"
id: "28"
status: "enable"
favorite: "no"
graph_type: "none"
legend: "enable"
legend_font_size: "33"
name: "default_name_34"
period: "last24h"
policy: "36"
style: "auto"
title: "<your_own_value>"
title_font_size: "39"
type: "graph"
value_series:
databind: "<your_own_value>"
x_series:
caption: "<your_own_value>"
caption_font_size: "45"
databind: "<your_own_value>"
font_size: "47"
is_category: "yes"
label_angle: "45-degree"
scale_direction: "decrease"
scale_format: "YYYY-MM-DD-HH-MM"
scale_step: "52"
scale_unit: "minute"
unit: "<your_own_value>"
y_series:
caption: "<your_own_value>"
caption_font_size: "57"
databind: "<your_own_value>"
extra_databind: "<your_own_value>"
extra_y: "enable"
extra_y_legend: "<your_own_value>"
font_size: "62"
group: "<your_own_value>"
label_angle: "45-degree"
unit: "<your_own_value>"
y_legend: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_dataset – Report dataset configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and dataset category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- report_dataset - Report dataset configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- field - Fields. type: list
- displayname - Display name. type: str
- id - Field ID (1 to number of columns in SQL result). type: int required: True
- name - Name. type: str
- type - Field type. type: str choices: text, integer, double
- name - Name. type: str required: True
- parameters - Parameters. type: list
- data_type - Data type. type: str choices: text, integer, double, long-integer, date-time
- display_name - Display name. type: str
- field - SQL field name. type: str
- id - Parameter ID (1 to number of columns in SQL result). type: int required: True
- policy - Used by monitor policy. type: int
- query - SQL query statement. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report dataset configuration.
fortios_report_dataset:
vdom: "{{ vdom }}"
state: "present"
report_dataset:
field:
-
displayname: "<your_own_value>"
id: "5"
name: "default_name_6"
type: "text"
name: "default_name_8"
parameters:
-
data_type: "text"
display_name: "<your_own_value>"
field: "<your_own_value>"
id: "13"
policy: "14"
query: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_layout – Report layout configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and layout category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- report_layout - Report layout configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- body_item - Configure report body item. type: list
- chart - Report item chart name. type: str
- chart_options - Report chart options. type: str choices: include-no-data, hide-title, show-caption
- column - Report section column number. type: int
- content - Report item text content. type: str
- description - Description. type: str
- drill_down_items - Control how drill down charts are shown. type: str
- drill_down_types - Control whether keys from the parent being combined or not. type: str
- hide - Enable/disable hide item in report. type: str choices: enable, disable
- id - Report item ID. type: int required: True
- img_src - Report item image file name. type: str
- list - Configure report list item. type: list
- content - List entry content. type: str
- id - List entry ID. type: int required: True
- list_component - Report item list component. type: str choices: bullet, numbered
- misc_component - Report item miscellaneous component. type: str choices: hline, page-break, column-break, section-start
- parameters - Parameters. type: list
- id - ID. type: int required: True
- name - Field name that match field of parameters defined in dataset. type: str
- value - Value to replace corresponding field of parameters defined in dataset. type: str
- style - Report item style. type: str
- table_caption_style - Table chart caption style. type: str
- table_column_widths - Report item table column widths. type: str
- table_even_row_style - Table chart even row style. type: str
- table_head_style - Table chart head style. type: str
- table_odd_row_style - Table chart odd row style. type: str
- text_component - Report item text component. type: str choices: text, heading1, heading2, heading3
- title - Report section title. type: str
- top_n - Value of top. type: int
- type - Report item type. type: str choices: text, image, chart, misc
- cutoff_option - Cutoff-option is either run-time or custom. type: str choices: run-time, custom
- cutoff_time - Custom cutoff time to generate report [hh:mm]. type: str
- day - Schedule days of week to generate report. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
- description - Description. type: str
- email_recipients - Email recipients for generated reports. type: str
- email_send - Enable/disable sending emails after reports are generated. type: str choices: enable, disable
- format - Report format. type: str choices: pdf
- max_pdf_report - Maximum number of PDF reports to keep at one time (oldest report is overwritten). type: int
- name - Report layout name. type: str required: True
- options - Report layout options. type: str choices: include-table-of-content, auto-numbering-heading, view-chart-as-heading, show-html-navbar-before-heading, dummy-option
- page - Configure report page. type: dict
- column_break_before - Report page auto column break before heading. type: str choices: heading1, heading2, heading3
- footer - Configure report page footer. type: dict
- footer_item - Configure report footer item. type: list
- content - Report item text content. type: str
- description - Description. type: str
- id - Report item ID. type: int required: True
- img_src - Report item image file name. type: str
- style - Report item style. type: str
- type - Report item type. type: str choices: text, image
- style - Report footer style. type: str
- header - Configure report page header. type: dict
- header_item - Configure report header item. type: list
- content - Report item text content. type: str
- description - Description. type: str
- id - Report item ID. type: int required: True
- img_src - Report item image file name. type: str
- style - Report item style. type: str
- type - Report item type. type: str choices: text, image
- style - Report header style. type: str
- options - Report page options. type: str choices: header-on-first-page, footer-on-first-page
- page_break_before - Report page auto page break before heading. type: str choices: heading1, heading2, heading3
- paper - Report page paper. type: str choices: a4, letter
- schedule_type - Report schedule type. type: str choices: demand, daily, weekly
- style_theme - Report style theme. type: str
- subtitle - Report subtitle. type: str
- time - Schedule time to generate report [hh:mm]. type: str
- title - Report title. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report layout configuration.
fortios_report_layout:
vdom: "{{ vdom }}"
state: "present"
report_layout:
body_item:
-
chart: "<your_own_value>"
chart_options: "include-no-data"
column: "6"
content: "<your_own_value>"
description: "<your_own_value>"
drill_down_items: "<your_own_value>"
drill_down_types: "<your_own_value>"
hide: "enable"
id: "12"
img_src: "<your_own_value>"
list:
-
content: "<your_own_value>"
id: "16"
list_component: "bullet"
misc_component: "hline"
parameters:
-
id: "20"
name: "default_name_21"
value: "<your_own_value>"
style: "<your_own_value>"
table_caption_style: "<your_own_value>"
table_column_widths: "<your_own_value>"
table_even_row_style: "<your_own_value>"
table_head_style: "<your_own_value>"
table_odd_row_style: "<your_own_value>"
text_component: "text"
title: "<your_own_value>"
top_n: "31"
type: "text"
cutoff_option: "run-time"
cutoff_time: "<your_own_value>"
day: "sunday"
description: "<your_own_value>"
email_recipients: "<your_own_value>"
email_send: "enable"
format: "pdf"
max_pdf_report: "40"
name: "default_name_41"
options: "include-table-of-content"
page:
column_break_before: "heading1"
footer:
footer_item:
-
content: "<your_own_value>"
description: "<your_own_value>"
id: "49"
img_src: "<your_own_value>"
style: "<your_own_value>"
type: "text"
style: "<your_own_value>"
header:
header_item:
-
content: "<your_own_value>"
description: "<your_own_value>"
id: "58"
img_src: "<your_own_value>"
style: "<your_own_value>"
type: "text"
style: "<your_own_value>"
options: "header-on-first-page"
page_break_before: "heading1"
paper: "a4"
schedule_type: "demand"
style_theme: "<your_own_value>"
subtitle: "<your_own_value>"
time: "<your_own_value>"
title: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_setting – Report setting configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- report_setting - Report setting configuration. type: dict
- fortiview - Enable/disable historical FortiView. type: str choices: enable, disable
- pdf_report - Enable/disable PDF report. type: str choices: enable, disable
- report_source - Report log source. type: str choices: forward-traffic, sniffer-traffic, local-deny-traffic
- top_n - Number of items to populate (100 - 4000). type: int
- web_browsing_threshold - Web browsing time calculation threshold (3 - 15 min). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report setting configuration.
fortios_report_setting:
vdom: "{{ vdom }}"
report_setting:
fortiview: "enable"
pdf_report: "enable"
report_source: "forward-traffic"
top_n: "6"
web_browsing_threshold: "7"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_style – Report style configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and style category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- report_style - Report style configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- align - Alignment. type: str choices: left, center, right, justify
- bg_color - Background color. type: str
- border_bottom - Border bottom. type: str
- border_left - Border left. type: str
- border_right - Border right. type: str
- border_top - Border top. type: str
- column_gap - Column gap. type: str
- column_span - Column span. type: str choices: none, all
- fg_color - Foreground color. type: str
- font_family - Font family. type: str choices: Verdana, Arial, Helvetica, Courier, Times
- font_size - Font size. type: str
- font_style - Font style. type: str choices: normal, italic
- font_weight - Font weight. type: str choices: normal, bold
- height - Height. type: str
- line_height - Text line height. type: str
- margin_bottom - Margin bottom. type: str
- margin_left - Margin left. type: str
- margin_right - Margin right. type: str
- margin_top - Margin top. type: str
- name - Report style name. type: str required: True
- options - Report style options. type: str choices: font, text, color, align, size, margin, border, padding, column
- padding_bottom - Padding bottom. type: str
- padding_left - Padding left. type: str
- padding_right - Padding right. type: str
- padding_top - Padding top. type: str
- width - Width. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report style configuration.
fortios_report_style:
vdom: "{{ vdom }}"
state: "present"
report_style:
align: "left"
bg_color: "<your_own_value>"
border_bottom: "<your_own_value>"
border_left: "<your_own_value>"
border_right: "<your_own_value>"
border_top: "<your_own_value>"
column_gap: "<your_own_value>"
column_span: "none"
fg_color: "<your_own_value>"
font_family: "Verdana"
font_size: "<your_own_value>"
font_style: "normal"
font_weight: "normal"
height: "<your_own_value>"
line_height: "<your_own_value>"
margin_bottom: "<your_own_value>"
margin_left: "<your_own_value>"
margin_right: "<your_own_value>"
margin_top: "<your_own_value>"
name: "default_name_22"
options: "font"
padding_bottom: "<your_own_value>"
padding_left: "<your_own_value>"
padding_right: "<your_own_value>"
padding_top: "<your_own_value>"
width: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_report_theme – Report themes configuratio in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify report feature and theme category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- report_theme - Report themes configuration type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- bullet_list_style - Bullet list style. type: str
- column_count - Report page column count. type: str choices: 1, 2, 3
- default_html_style - Default HTML report style. type: str
- default_pdf_style - Default PDF report style. type: str
- graph_chart_style - Graph chart style. type: str
- heading1_style - Report heading style. type: str
- heading2_style - Report heading style. type: str
- heading3_style - Report heading style. type: str
- heading4_style - Report heading style. type: str
- hline_style - Horizontal line style. type: str
- image_style - Image style. type: str
- name - Report theme name. type: str required: True
- normal_text_style - Normal text style. type: str
- numbered_list_style - Numbered list style. type: str
- page_footer_style - Report page footer style. type: str
- page_header_style - Report page header style. type: str
- page_orient - Report page orientation. type: str choices: portrait, landscape
- page_style - Report page style. type: str
- report_subtitle_style - Report subtitle style. type: str
- report_title_style - Report title style. type: str
- table_chart_caption_style - Table chart caption style. type: str
- table_chart_even_row_style - Table chart even row style. type: str
- table_chart_head_style - Table chart head row style. type: str
- table_chart_odd_row_style - Table chart odd row style. type: str
- table_chart_style - Table chart style. type: str
- toc_heading1_style - Table of contents heading style. type: str
- toc_heading2_style - Table of contents heading style. type: str
- toc_heading3_style - Table of contents heading style. type: str
- toc_heading4_style - Table of contents heading style. type: str
- toc_title_style - Table of contents title style. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Report themes configuration
fortios_report_theme:
vdom: "{{ vdom }}"
state: "present"
report_theme:
bullet_list_style: "<your_own_value>"
column_count: "1"
default_html_style: "<your_own_value>"
default_pdf_style: "<your_own_value>"
graph_chart_style: "<your_own_value>"
heading1_style: "<your_own_value>"
heading2_style: "<your_own_value>"
heading3_style: "<your_own_value>"
heading4_style: "<your_own_value>"
hline_style: "<your_own_value>"
image_style: "<your_own_value>"
name: "default_name_14"
normal_text_style: "<your_own_value>"
numbered_list_style: "<your_own_value>"
page_footer_style: "<your_own_value>"
page_header_style: "<your_own_value>"
page_orient: "portrait"
page_style: "<your_own_value>"
report_subtitle_style: "<your_own_value>"
report_title_style: "<your_own_value>"
table_chart_caption_style: "<your_own_value>"
table_chart_even_row_style: "<your_own_value>"
table_chart_head_style: "<your_own_value>"
table_chart_odd_row_style: "<your_own_value>"
table_chart_style: "<your_own_value>"
toc_heading1_style: "<your_own_value>"
toc_heading2_style: "<your_own_value>"
toc_heading3_style: "<your_own_value>"
toc_heading4_style: "<your_own_value>"
toc_title_style: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_access_list – Configure access lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and access_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_access_list - Configure access lists. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comment. type: str
- name - Name. type: str required: True
- rule - Rule. type: list
- action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny
- exact_match - Enable/disable exact match. type: str choices: enable, disable
- flags - Flags. type: int
- id - Rule ID. type: int required: True
- prefix - IPv4 prefix to define regular filter criteria, such as "any" or subnets. type: str
- wildcard - Wildcard to define Cisco-style wildcard filter criteria. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure access lists.
fortios_router_access_list:
vdom: "{{ vdom }}"
state: "present"
router_access_list:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
action: "permit"
exact_match: "enable"
flags: "8"
id: "9"
prefix: "<your_own_value>"
wildcard: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_access_list6 – Configure IPv6 access lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and access_list6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_access_list6 - Configure IPv6 access lists. type: dict
- comments - Comment. type: str
- name - Name. type: str required: True
- rule - Rule. type: list
- action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny
- exact_match - Enable/disable exact prefix match. type: str choices: enable, disable
- flags - Flags. type: int
- id - Rule ID. type: int required: True
- prefix6 - IPv6 prefix to define regular filter criteria, such as "any" or subnets. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 access lists.
fortios_router_access_list6:
vdom: "{{ vdom }}"
state: "present"
router_access_list6:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
action: "permit"
exact_match: "enable"
flags: "8"
id: "9"
prefix6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_aspath_list – Configure Autonomous System (AS) path lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and aspath_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_aspath_list - Configure Autonomous System (AS) path lists. type: dict
- name - AS path list name. type: str required: True
- rule - AS path list rule. type: list
- action - Permit or deny route-based operations, based on the route"s AS_PATH attribute. type: str choices: deny, permit
- id - ID. type: int required: True
- regexp - Regular-expression to match the Border Gateway Protocol (BGP) AS paths. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Autonomous System (AS) path lists.
fortios_router_aspath_list:
vdom: "{{ vdom }}"
state: "present"
router_aspath_list:
name: "default_name_3"
rule:
-
action: "deny"
id: "6"
regexp: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_auth_path – Configure authentication based routing in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and auth_path category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_auth_path - Configure authentication based routing. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- device - Outgoing interface. Source system.interface.name. type: str
- gateway - Gateway IP address. type: str
- name - Name of the entry. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure authentication based routing.
fortios_router_auth_path:
vdom: "{{ vdom }}"
state: "present"
router_auth_path:
device: "<your_own_value> (source system.interface.name)"
gateway: "<your_own_value>"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_bfd – Configure BFD in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bfd category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_bfd - Configure BFD. type: dict
- neighbor - neighbor type: list
- interface - Interface name. Source system.interface.name. type: str
- ip - IPv4 address of the BFD neighbor. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure BFD.
fortios_router_bfd:
vdom: "{{ vdom }}"
router_bfd:
neighbor:
-
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_bfd6 – Configure IPv6 BFD in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bfd6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_bfd6 - Configure IPv6 BFD. type: dict
- neighbor - Configure neighbor of IPv6 BFD. type: list
- interface - Interface to the BFD neighbor. Source system.interface.name. type: str
- ip6_address - IPv6 address of the BFD neighbor. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 BFD.
fortios_router_bfd6:
vdom: "{{ vdom }}"
router_bfd6:
neighbor:
-
interface: "<your_own_value> (source system.interface.name)"
ip6_address: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_bgp – Configure BGP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bgp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_bgp - Configure BGP. type: dict
- admin_distance - Administrative distance modifications. type: list
- distance - Administrative distance to apply (1 - 255). type: int
- id - ID. type: int required: True
- neighbour_prefix - Neighbor address prefix. type: str
- route_list - Access list of routes to apply new distance to. Source router.access-list.name. type: str
- aggregate_address - BGP aggregate address table. type: list
- as_set - Enable/disable generate AS set path information. type: str choices: enable, disable
- id - ID. type: int required: True
- prefix - Aggregate prefix. type: str
- summary_only - Enable/disable filter more specific routes from updates. type: str choices: enable, disable
- aggregate_address6 - BGP IPv6 aggregate address table. type: list
- as_set - Enable/disable generate AS set path information. type: str choices: enable, disable
- id - ID. type: int required: True
- prefix6 - Aggregate IPv6 prefix. type: str
- summary_only - Enable/disable filter more specific routes from updates. type: str choices: enable, disable
- always_compare_med - Enable/disable always compare MED. type: str choices: enable, disable
- as - Router AS number, valid from 1 to 4294967295, 0 to disable BGP. type: int
- bestpath_as_path_ignore - Enable/disable ignore AS path. type: str choices: enable, disable
- bestpath_cmp_confed_aspath - Enable/disable compare federation AS path length. type: str choices: enable, disable
- bestpath_cmp_routerid - Enable/disable compare router ID for identical EBGP paths. type: str choices: enable, disable
- bestpath_med_confed - Enable/disable compare MED among confederation paths. type: str choices: enable, disable
- bestpath_med_missing_as_worst - Enable/disable treat missing MED as least preferred. type: str choices: enable, disable
- client_to_client_reflection - Enable/disable client-to-client route reflection. type: str choices: enable, disable
- cluster_id - Route reflector cluster ID. type: str
- confederation_identifier - Confederation identifier. type: int
- confederation_peers - Confederation peers. type: list
- peer - Peer ID. type: str required: True
- dampening - Enable/disable route-flap dampening. type: str choices: enable, disable
- dampening_max_suppress_time - Maximum minutes a route can be suppressed. type: int
- dampening_reachability_half_life - Reachability half-life time for penalty (min). type: int
- dampening_reuse - Threshold to reuse routes. type: int
- dampening_route_map - Criteria for dampening. Source router.route-map.name. type: str
- dampening_suppress - Threshold to suppress routes. type: int
- dampening_unreachability_half_life - Unreachability half-life time for penalty (min). type: int
- default_local_preference - Default local preference. type: int
- deterministic_med - Enable/disable enforce deterministic comparison of MED. type: str choices: enable, disable
- distance_external - Distance for routes external to the AS. type: int
- distance_internal - Distance for routes internal to the AS. type: int
- distance_local - Distance for routes local to the AS. type: int
- ebgp_multipath - Enable/disable EBGP multi-path. type: str choices: enable, disable
- enforce_first_as - Enable/disable enforce first AS for EBGP routes. type: str choices: enable, disable
- fast_external_failover - Enable/disable reset peer BGP session if link goes down. type: str choices: enable, disable
- graceful_end_on_timer - Enable/disable to exit graceful restart on timer only. type: str choices: enable, disable
- graceful_restart - Enable/disable BGP graceful restart capabilities. type: str choices: enable, disable
- graceful_restart_time - Time needed for neighbors to restart (sec). type: int
- graceful_stalepath_time - Time to hold stale paths of restarting neighbor (sec). type: int
- graceful_update_delay - Route advertisement/selection delay after restart (sec). type: int
- holdtime_timer - Number of seconds to mark peer as dead. type: int
- ibgp_multipath - Enable/disable IBGP multi-path. type: str choices: enable, disable
- ignore_optional_capability - Don"t send unknown optional capability notification message type: str choices: enable, disable
- keepalive_timer - Frequency to send keep alive requests. type: int
- log_neighbour_changes - Enable logging of BGP neighbour"s changes type: str choices: enable, disable
- neighbor - BGP neighbor table. type: list
- activate - Enable/disable address family IPv4 for this neighbor. type: str choices: enable, disable
- activate6 - Enable/disable address family IPv6 for this neighbor. type: str choices: enable, disable
- advertisement_interval - Minimum interval (sec) between sending updates. type: int
- allowas_in - IPv4 The maximum number of occurrence of my AS number allowed. type: int
- allowas_in_enable - Enable/disable IPv4 Enable to allow my AS in AS path. type: str choices: enable, disable
- allowas_in_enable6 - Enable/disable IPv6 Enable to allow my AS in AS path. type: str choices: enable, disable
- allowas_in6 - IPv6 The maximum number of occurrence of my AS number allowed. type: int
- as_override - Enable/disable replace peer AS with own AS for IPv4. type: str choices: enable, disable
- as_override6 - Enable/disable replace peer AS with own AS for IPv6. type: str choices: enable, disable
- attribute_unchanged - IPv4 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop
- attribute_unchanged6 - IPv6 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop
- bfd - Enable/disable BFD for this neighbor. type: str choices: enable, disable
- capability_default_originate - Enable/disable advertise default IPv4 route to this neighbor. type: str choices: enable, disable
- capability_default_originate6 - Enable/disable advertise default IPv6 route to this neighbor. type: str choices: enable, disable
- capability_dynamic - Enable/disable advertise dynamic capability to this neighbor. type: str choices: enable, disable
- capability_graceful_restart - Enable/disable advertise IPv4 graceful restart capability to this neighbor. type: str choices: enable, disable
- capability_graceful_restart6 - Enable/disable advertise IPv6 graceful restart capability to this neighbor. type: str choices: enable, disable
- capability_orf - Accept/Send IPv4 ORF lists to/from this neighbor. type: str choices: none, receive, send, both
- capability_orf6 - Accept/Send IPv6 ORF lists to/from this neighbor. type: str choices: none, receive, send, both
- capability_route_refresh - Enable/disable advertise route refresh capability to this neighbor. type: str choices: enable, disable
- conditional_advertise - Conditional advertisement. type: list
- advertise_routemap - Name of advertising route map. Source router.route-map.name. type: str
- condition_routemap - Name of condition route map. Source router.route-map.name. type: str
- condition_type - Type of condition. type: str choices: exist, non-exist
- connect_timer - Interval (sec) for connect timer. type: int
- default_originate_routemap - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. type: str
- default_originate_routemap6 - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. type: str
- description - Description. type: str
- distribute_list_in - Filter for IPv4 updates from this neighbor. Source router.access-list.name. type: str
- distribute_list_in6 - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. type: str
- distribute_list_out - Filter for IPv4 updates to this neighbor. Source router.access-list.name. type: str
- distribute_list_out6 - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. type: str
- dont_capability_negotiate - Don"t negotiate capabilities with this neighbor type: str choices: enable, disable
- ebgp_enforce_multihop - Enable/disable allow multi-hop EBGP neighbors. type: str choices: enable, disable
- ebgp_multihop_ttl - EBGP multihop TTL for this peer. type: int
- filter_list_in - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. type: str
- filter_list_in6 - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. type: str
- filter_list_out - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. type: str
- filter_list_out6 - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. type: str
- holdtime_timer - Interval (sec) before peer considered dead. type: int
- interface - Interface Source system.interface.name. type: str
- ip - IP/IPv6 address of neighbor. type: str required: True
- keep_alive_timer - Keep alive timer interval (sec). type: int
- link_down_failover - Enable/disable failover upon link down. type: str choices: enable, disable
- local_as - Local AS number of neighbor. type: int
- local_as_no_prepend - Do not prepend local-as to incoming updates. type: str choices: enable, disable
- local_as_replace_as - Replace real AS with local-as in outgoing updates. type: str choices: enable, disable
- maximum_prefix - Maximum number of IPv4 prefixes to accept from this peer. type: int
- maximum_prefix_threshold - Maximum IPv4 prefix threshold value (1 - 100 percent). type: int
- maximum_prefix_threshold6 - Maximum IPv6 prefix threshold value (1 - 100 percent). type: int
- maximum_prefix_warning_only - Enable/disable IPv4 Only give warning message when limit is exceeded. type: str choices: enable, disable
- maximum_prefix_warning_only6 - Enable/disable IPv6 Only give warning message when limit is exceeded. type: str choices: enable, disable
- maximum_prefix6 - Maximum number of IPv6 prefixes to accept from this peer. type: int
- next_hop_self - Enable/disable IPv4 next-hop calculation for this neighbor. type: str choices: enable, disable
- next_hop_self6 - Enable/disable IPv6 next-hop calculation for this neighbor. type: str choices: enable, disable
- override_capability - Enable/disable override result of capability negotiation. type: str choices: enable, disable
- passive - Enable/disable sending of open messages to this neighbor. type: str choices: enable, disable
- password - Password used in MD5 authentication. type: str
- prefix_list_in - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. type: str
- prefix_list_in6 - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. type: str
- prefix_list_out - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. type: str
- prefix_list_out6 - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. type: str
- remote_as - AS number of neighbor. type: int
- remove_private_as - Enable/disable remove private AS number from IPv4 outbound updates. type: str choices: enable, disable
- remove_private_as6 - Enable/disable remove private AS number from IPv6 outbound updates. type: str choices: enable, disable
- restart_time - Graceful restart delay time (sec, 0 = global default). type: int
- retain_stale_time - Time to retain stale routes. type: int
- route_map_in - IPv4 Inbound route map filter. Source router.route-map.name. type: str
- route_map_in6 - IPv6 Inbound route map filter. Source router.route-map.name. type: str
- route_map_out - IPv4 Outbound route map filter. Source router.route-map.name. type: str
- route_map_out6 - IPv6 Outbound route map filter. Source router.route-map.name. type: str
- route_reflector_client - Enable/disable IPv4 AS route reflector client. type: str choices: enable, disable
- route_reflector_client6 - Enable/disable IPv6 AS route reflector client. type: str choices: enable, disable
- route_server_client - Enable/disable IPv4 AS route server client. type: str choices: enable, disable
- route_server_client6 - Enable/disable IPv6 AS route server client. type: str choices: enable, disable
- send_community - IPv4 Send community attribute to neighbor. type: str choices: standard, extended, both, disable
- send_community6 - IPv6 Send community attribute to neighbor. type: str choices: standard, extended, both, disable
- shutdown - Enable/disable shutdown this neighbor. type: str choices: enable, disable
- soft_reconfiguration - Enable/disable allow IPv4 inbound soft reconfiguration. type: str choices: enable, disable
- soft_reconfiguration6 - Enable/disable allow IPv6 inbound soft reconfiguration. type: str choices: enable, disable
- stale_route - Enable/disable stale route after neighbor down. type: str choices: enable, disable
- strict_capability_match - Enable/disable strict capability matching. type: str choices: enable, disable
- unsuppress_map - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str
- unsuppress_map6 - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str
- update_source - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. type: str
- weight - Neighbor weight. type: int
- neighbor_group - BGP neighbor group table. type: list
- activate - Enable/disable address family IPv4 for this neighbor. type: str choices: enable, disable
- activate6 - Enable/disable address family IPv6 for this neighbor. type: str choices: enable, disable
- advertisement_interval - Minimum interval (sec) between sending updates. type: int
- allowas_in - IPv4 The maximum number of occurrence of my AS number allowed. type: int
- allowas_in_enable - Enable/disable IPv4 Enable to allow my AS in AS path. type: str choices: enable, disable
- allowas_in_enable6 - Enable/disable IPv6 Enable to allow my AS in AS path. type: str choices: enable, disable
- allowas_in6 - IPv6 The maximum number of occurrence of my AS number allowed. type: int
- as_override - Enable/disable replace peer AS with own AS for IPv4. type: str choices: enable, disable
- as_override6 - Enable/disable replace peer AS with own AS for IPv6. type: str choices: enable, disable
- attribute_unchanged - IPv4 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop
- attribute_unchanged6 - IPv6 List of attributes that should be unchanged. type: str choices: as-path, med, next-hop
- bfd - Enable/disable BFD for this neighbor. type: str choices: enable, disable
- capability_default_originate - Enable/disable advertise default IPv4 route to this neighbor. type: str choices: enable, disable
- capability_default_originate6 - Enable/disable advertise default IPv6 route to this neighbor. type: str choices: enable, disable
- capability_dynamic - Enable/disable advertise dynamic capability to this neighbor. type: str choices: enable, disable
- capability_graceful_restart - Enable/disable advertise IPv4 graceful restart capability to this neighbor. type: str choices: enable, disable
- capability_graceful_restart6 - Enable/disable advertise IPv6 graceful restart capability to this neighbor. type: str choices: enable, disable
- capability_orf - Accept/Send IPv4 ORF lists to/from this neighbor. type: str choices: none, receive, send, both
- capability_orf6 - Accept/Send IPv6 ORF lists to/from this neighbor. type: str choices: none, receive, send, both
- capability_route_refresh - Enable/disable advertise route refresh capability to this neighbor. type: str choices: enable, disable
- connect_timer - Interval (sec) for connect timer. type: int
- default_originate_routemap - Route map to specify criteria to originate IPv4 default. Source router.route-map.name. type: str
- default_originate_routemap6 - Route map to specify criteria to originate IPv6 default. Source router.route-map.name. type: str
- description - Description. type: str
- distribute_list_in - Filter for IPv4 updates from this neighbor. Source router.access-list.name. type: str
- distribute_list_in6 - Filter for IPv6 updates from this neighbor. Source router.access-list6.name. type: str
- distribute_list_out - Filter for IPv4 updates to this neighbor. Source router.access-list.name. type: str
- distribute_list_out6 - Filter for IPv6 updates to this neighbor. Source router.access-list6.name. type: str
- dont_capability_negotiate - Don"t negotiate capabilities with this neighbor type: str choices: enable, disable
- ebgp_enforce_multihop - Enable/disable allow multi-hop EBGP neighbors. type: str choices: enable, disable
- ebgp_multihop_ttl - EBGP multihop TTL for this peer. type: int
- filter_list_in - BGP filter for IPv4 inbound routes. Source router.aspath-list.name. type: str
- filter_list_in6 - BGP filter for IPv6 inbound routes. Source router.aspath-list.name. type: str
- filter_list_out - BGP filter for IPv4 outbound routes. Source router.aspath-list.name. type: str
- filter_list_out6 - BGP filter for IPv6 outbound routes. Source router.aspath-list.name. type: str
- holdtime_timer - Interval (sec) before peer considered dead. type: int
- interface - Interface Source system.interface.name. type: str
- keep_alive_timer - Keep alive timer interval (sec). type: int
- link_down_failover - Enable/disable failover upon link down. type: str choices: enable, disable
- local_as - Local AS number of neighbor. type: int
- local_as_no_prepend - Do not prepend local-as to incoming updates. type: str choices: enable, disable
- local_as_replace_as - Replace real AS with local-as in outgoing updates. type: str choices: enable, disable
- maximum_prefix - Maximum number of IPv4 prefixes to accept from this peer. type: int
- maximum_prefix_threshold - Maximum IPv4 prefix threshold value (1 - 100 percent). type: int
- maximum_prefix_threshold6 - Maximum IPv6 prefix threshold value (1 - 100 percent). type: int
- maximum_prefix_warning_only - Enable/disable IPv4 Only give warning message when limit is exceeded. type: str choices: enable, disable
- maximum_prefix_warning_only6 - Enable/disable IPv6 Only give warning message when limit is exceeded. type: str choices: enable, disable
- maximum_prefix6 - Maximum number of IPv6 prefixes to accept from this peer. type: int
- name - Neighbor group name. type: str required: True
- next_hop_self - Enable/disable IPv4 next-hop calculation for this neighbor. type: str choices: enable, disable
- next_hop_self6 - Enable/disable IPv6 next-hop calculation for this neighbor. type: str choices: enable, disable
- override_capability - Enable/disable override result of capability negotiation. type: str choices: enable, disable
- passive - Enable/disable sending of open messages to this neighbor. type: str choices: enable, disable
- prefix_list_in - IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name. type: str
- prefix_list_in6 - IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name. type: str
- prefix_list_out - IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name. type: str
- prefix_list_out6 - IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name. type: str
- remote_as - AS number of neighbor. type: int
- remove_private_as - Enable/disable remove private AS number from IPv4 outbound updates. type: str choices: enable, disable
- remove_private_as6 - Enable/disable remove private AS number from IPv6 outbound updates. type: str choices: enable, disable
- restart_time - Graceful restart delay time (sec, 0 = global default). type: int
- retain_stale_time - Time to retain stale routes. type: int
- route_map_in - IPv4 Inbound route map filter. Source router.route-map.name. type: str
- route_map_in6 - IPv6 Inbound route map filter. Source router.route-map.name. type: str
- route_map_out - IPv4 Outbound route map filter. Source router.route-map.name. type: str
- route_map_out6 - IPv6 Outbound route map filter. Source router.route-map.name. type: str
- route_reflector_client - Enable/disable IPv4 AS route reflector client. type: str choices: enable, disable
- route_reflector_client6 - Enable/disable IPv6 AS route reflector client. type: str choices: enable, disable
- route_server_client - Enable/disable IPv4 AS route server client. type: str choices: enable, disable
- route_server_client6 - Enable/disable IPv6 AS route server client. type: str choices: enable, disable
- send_community - IPv4 Send community attribute to neighbor. type: str choices: standard, extended, both, disable
- send_community6 - IPv6 Send community attribute to neighbor. type: str choices: standard, extended, both, disable
- shutdown - Enable/disable shutdown this neighbor. type: str choices: enable, disable
- soft_reconfiguration - Enable/disable allow IPv4 inbound soft reconfiguration. type: str choices: enable, disable
- soft_reconfiguration6 - Enable/disable allow IPv6 inbound soft reconfiguration. type: str choices: enable, disable
- stale_route - Enable/disable stale route after neighbor down. type: str choices: enable, disable
- strict_capability_match - Enable/disable strict capability matching. type: str choices: enable, disable
- unsuppress_map - IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str
- unsuppress_map6 - IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name. type: str
- update_source - Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name. type: str
- weight - Neighbor weight. type: int
- neighbor_range - BGP neighbor range table. type: list
- id - Neighbor range ID. type: int required: True
- max_neighbor_num - Maximum number of neighbors. type: int
- neighbor_group - Neighbor group name. Source router.bgp.neighbor-group.name. type: str
- prefix - Neighbor range prefix. type: str
- neighbor_range6 - BGP IPv6 neighbor range table. type: list
- id - IPv6 neighbor range ID. type: int required: True
- max_neighbor_num - Maximum number of neighbors. type: int
- neighbor_group - Neighbor group name. Source router.bgp.neighbor-group.name. type: str
- prefix6 - IPv6 prefix. type: str
- network - BGP network table. type: list
- backdoor - Enable/disable route as backdoor. type: str choices: enable, disable
- id - ID. type: int required: True
- prefix - Network prefix. type: str
- route_map - Route map to modify generated route. Source router.route-map.name. type: str
- network_import_check - Enable/disable ensure BGP network route exists in IGP. type: str choices: enable, disable
- network6 - BGP IPv6 network table. type: list
- backdoor - Enable/disable route as backdoor. type: str choices: enable, disable
- id - ID. type: int required: True
- prefix6 - Network IPv6 prefix. type: str
- route_map - Route map to modify generated route. Source router.route-map.name. type: str
- redistribute - BGP IPv4 redistribute table. type: list
- name - Distribute list entry name. type: str required: True
- route_map - Route map name. Source router.route-map.name. type: str
- status - Status type: str choices: enable, disable
- redistribute6 - BGP IPv6 redistribute table. type: list
- name - Distribute list entry name. type: str required: True
- route_map - Route map name. Source router.route-map.name. type: str
- status - Status type: str choices: enable, disable
- router_id - Router ID. type: str
- scan_time - Background scanner interval (sec), 0 to disable it. type: int
- synchronization - Enable/disable only advertise routes from iBGP if routes present in an IGP. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure BGP.
fortios_router_bgp:
vdom: "{{ vdom }}"
router_bgp:
admin_distance:
-
distance: "4"
id: "5"
neighbour_prefix: "<your_own_value>"
route_list: "<your_own_value> (source router.access-list.name)"
aggregate_address:
-
as_set: "enable"
id: "10"
prefix: "<your_own_value>"
summary_only: "enable"
aggregate_address6:
-
as_set: "enable"
id: "15"
prefix6: "<your_own_value>"
summary_only: "enable"
always_compare_med: "enable"
as: "19"
bestpath_as_path_ignore: "enable"
bestpath_cmp_confed_aspath: "enable"
bestpath_cmp_routerid: "enable"
bestpath_med_confed: "enable"
bestpath_med_missing_as_worst: "enable"
client_to_client_reflection: "enable"
cluster_id: "<your_own_value>"
confederation_identifier: "27"
confederation_peers:
-
peer: "<your_own_value>"
dampening: "enable"
dampening_max_suppress_time: "31"
dampening_reachability_half_life: "32"
dampening_reuse: "33"
dampening_route_map: "<your_own_value> (source router.route-map.name)"
dampening_suppress: "35"
dampening_unreachability_half_life: "36"
default_local_preference: "37"
deterministic_med: "enable"
distance_external: "39"
distance_internal: "40"
distance_local: "41"
ebgp_multipath: "enable"
enforce_first_as: "enable"
fast_external_failover: "enable"
graceful_end_on_timer: "enable"
graceful_restart: "enable"
graceful_restart_time: "47"
graceful_stalepath_time: "48"
graceful_update_delay: "49"
holdtime_timer: "50"
ibgp_multipath: "enable"
ignore_optional_capability: "enable"
keepalive_timer: "53"
log_neighbour_changes: "enable"
neighbor:
-
activate: "enable"
activate6: "enable"
advertisement_interval: "58"
allowas_in: "59"
allowas_in_enable: "enable"
allowas_in_enable6: "enable"
allowas_in6: "62"
as_override: "enable"
as_override6: "enable"
attribute_unchanged: "as-path"
attribute_unchanged6: "as-path"
bfd: "enable"
capability_default_originate: "enable"
capability_default_originate6: "enable"
capability_dynamic: "enable"
capability_graceful_restart: "enable"
capability_graceful_restart6: "enable"
capability_orf: "none"
capability_orf6: "none"
capability_route_refresh: "enable"
conditional_advertise:
-
advertise_routemap: "<your_own_value> (source router.route-map.name)"
condition_routemap: "<your_own_value> (source router.route-map.name)"
condition_type: "exist"
connect_timer: "80"
default_originate_routemap: "<your_own_value> (source router.route-map.name)"
default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
description: "<your_own_value>"
distribute_list_in: "<your_own_value> (source router.access-list.name)"
distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
distribute_list_out: "<your_own_value> (source router.access-list.name)"
distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
dont_capability_negotiate: "enable"
ebgp_enforce_multihop: "enable"
ebgp_multihop_ttl: "90"
filter_list_in: "<your_own_value> (source router.aspath-list.name)"
filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
filter_list_out: "<your_own_value> (source router.aspath-list.name)"
filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
holdtime_timer: "95"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
keep_alive_timer: "98"
link_down_failover: "enable"
local_as: "100"
local_as_no_prepend: "enable"
local_as_replace_as: "enable"
maximum_prefix: "103"
maximum_prefix_threshold: "104"
maximum_prefix_threshold6: "105"
maximum_prefix_warning_only: "enable"
maximum_prefix_warning_only6: "enable"
maximum_prefix6: "108"
next_hop_self: "enable"
next_hop_self6: "enable"
override_capability: "enable"
passive: "enable"
password: "<your_own_value>"
prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
remote_as: "118"
remove_private_as: "enable"
remove_private_as6: "enable"
restart_time: "121"
retain_stale_time: "122"
route_map_in: "<your_own_value> (source router.route-map.name)"
route_map_in6: "<your_own_value> (source router.route-map.name)"
route_map_out: "<your_own_value> (source router.route-map.name)"
route_map_out6: "<your_own_value> (source router.route-map.name)"
route_reflector_client: "enable"
route_reflector_client6: "enable"
route_server_client: "enable"
route_server_client6: "enable"
send_community: "standard"
send_community6: "standard"
shutdown: "enable"
soft_reconfiguration: "enable"
soft_reconfiguration6: "enable"
stale_route: "enable"
strict_capability_match: "enable"
unsuppress_map: "<your_own_value> (source router.route-map.name)"
unsuppress_map6: "<your_own_value> (source router.route-map.name)"
update_source: "<your_own_value> (source system.interface.name)"
weight: "141"
neighbor_group:
-
activate: "enable"
activate6: "enable"
advertisement_interval: "145"
allowas_in: "146"
allowas_in_enable: "enable"
allowas_in_enable6: "enable"
allowas_in6: "149"
as_override: "enable"
as_override6: "enable"
attribute_unchanged: "as-path"
attribute_unchanged6: "as-path"
bfd: "enable"
capability_default_originate: "enable"
capability_default_originate6: "enable"
capability_dynamic: "enable"
capability_graceful_restart: "enable"
capability_graceful_restart6: "enable"
capability_orf: "none"
capability_orf6: "none"
capability_route_refresh: "enable"
connect_timer: "163"
default_originate_routemap: "<your_own_value> (source router.route-map.name)"
default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
description: "<your_own_value>"
distribute_list_in: "<your_own_value> (source router.access-list.name)"
distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
distribute_list_out: "<your_own_value> (source router.access-list.name)"
distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
dont_capability_negotiate: "enable"
ebgp_enforce_multihop: "enable"
ebgp_multihop_ttl: "173"
filter_list_in: "<your_own_value> (source router.aspath-list.name)"
filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
filter_list_out: "<your_own_value> (source router.aspath-list.name)"
filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
holdtime_timer: "178"
interface: "<your_own_value> (source system.interface.name)"
keep_alive_timer: "180"
link_down_failover: "enable"
local_as: "182"
local_as_no_prepend: "enable"
local_as_replace_as: "enable"
maximum_prefix: "185"
maximum_prefix_threshold: "186"
maximum_prefix_threshold6: "187"
maximum_prefix_warning_only: "enable"
maximum_prefix_warning_only6: "enable"
maximum_prefix6: "190"
name: "default_name_191"
next_hop_self: "enable"
next_hop_self6: "enable"
override_capability: "enable"
passive: "enable"
prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
remote_as: "200"
remove_private_as: "enable"
remove_private_as6: "enable"
restart_time: "203"
retain_stale_time: "204"
route_map_in: "<your_own_value> (source router.route-map.name)"
route_map_in6: "<your_own_value> (source router.route-map.name)"
route_map_out: "<your_own_value> (source router.route-map.name)"
route_map_out6: "<your_own_value> (source router.route-map.name)"
route_reflector_client: "enable"
route_reflector_client6: "enable"
route_server_client: "enable"
route_server_client6: "enable"
send_community: "standard"
send_community6: "standard"
shutdown: "enable"
soft_reconfiguration: "enable"
soft_reconfiguration6: "enable"
stale_route: "enable"
strict_capability_match: "enable"
unsuppress_map: "<your_own_value> (source router.route-map.name)"
unsuppress_map6: "<your_own_value> (source router.route-map.name)"
update_source: "<your_own_value> (source system.interface.name)"
weight: "223"
neighbor_range:
-
id: "225"
max_neighbor_num: "226"
neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
prefix: "<your_own_value>"
neighbor_range6:
-
id: "230"
max_neighbor_num: "231"
neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
prefix6: "<your_own_value>"
network:
-
backdoor: "enable"
id: "236"
prefix: "<your_own_value>"
route_map: "<your_own_value> (source router.route-map.name)"
network_import_check: "enable"
network6:
-
backdoor: "enable"
id: "242"
prefix6: "<your_own_value>"
route_map: "<your_own_value> (source router.route-map.name)"
redistribute:
-
name: "default_name_246"
route_map: "<your_own_value> (source router.route-map.name)"
status: "enable"
redistribute6:
-
name: "default_name_250"
route_map: "<your_own_value> (source router.route-map.name)"
status: "enable"
router_id: "<your_own_value>"
scan_time: "254"
synchronization: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_community_list – Configure community lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and community_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_community_list - Configure community lists. type: dict
- name - Community list name. type: str required: True
- rule - Community list rule. type: list
- action - Permit or deny route-based operations, based on the route"s COMMUNITY attribute. type: str choices: deny, permit
- id - ID. type: int required: True
- match - Community specifications for matching a reserved community. type: str
- regexp - Ordered list of COMMUNITY attributes as a regular expression. type: str
- type - Community list type (standard or expanded). type: str choices: standard, expanded
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure community lists.
fortios_router_community_list:
vdom: "{{ vdom }}"
state: "present"
router_community_list:
name: "default_name_3"
rule:
-
action: "deny"
id: "6"
match: "<your_own_value>"
regexp: "<your_own_value>"
type: "standard"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_isis – Configure IS-IS in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and isis category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_isis - Configure IS-IS. type: dict
- adjacency_check - Enable/disable adjacency check. type: str choices: enable, disable
- adjacency_check6 - Enable/disable IPv6 adjacency check. type: str choices: enable, disable
- adv_passive_only - Enable/disable IS-IS advertisement of passive interfaces only. type: str choices: enable, disable
- adv_passive_only6 - Enable/disable IPv6 IS-IS advertisement of passive interfaces only. type: str choices: enable, disable
- auth_keychain_l1 - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. type: str
- auth_keychain_l2 - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. type: str
- auth_mode_l1 - Level 1 authentication mode. type: str choices: password, md5
- auth_mode_l2 - Level 2 authentication mode. type: str choices: password, md5
- auth_password_l1 - Authentication password for level 1 PDUs. type: str
- auth_password_l2 - Authentication password for level 2 PDUs. type: str
- auth_sendonly_l1 - Enable/disable level 1 authentication send-only. type: str choices: enable, disable
- auth_sendonly_l2 - Enable/disable level 2 authentication send-only. type: str choices: enable, disable
- default_originate - Enable/disable distribution of default route information. type: str choices: enable, disable
- default_originate6 - Enable/disable distribution of default IPv6 route information. type: str choices: enable, disable
- dynamic_hostname - Enable/disable dynamic hostname. type: str choices: enable, disable
- ignore_lsp_errors - Enable/disable ignoring of LSP errors with bad checksums. type: str choices: enable, disable
- is_type - IS type. type: str choices: level-1-2, level-1, level-2-only
- isis_interface - IS-IS interface configuration. type: list
- auth_keychain_l1 - Authentication key-chain for level 1 PDUs. Source router.key-chain.name. type: str
- auth_keychain_l2 - Authentication key-chain for level 2 PDUs. Source router.key-chain.name. type: str
- auth_mode_l1 - Level 1 authentication mode. type: str choices: md5, password
- auth_mode_l2 - Level 2 authentication mode. type: str choices: md5, password
- auth_password_l1 - Authentication password for level 1 PDUs. type: str
- auth_password_l2 - Authentication password for level 2 PDUs. type: str
- auth_send_only_l1 - Enable/disable authentication send-only for level 1 PDUs. type: str choices: enable, disable
- auth_send_only_l2 - Enable/disable authentication send-only for level 2 PDUs. type: str choices: enable, disable
- circuit_type - IS-IS interface"s circuit type type: str choices: level-1-2, level-1, level-2
- csnp_interval_l1 - Level 1 CSNP interval. type: int
- csnp_interval_l2 - Level 2 CSNP interval. type: int
- hello_interval_l1 - Level 1 hello interval. type: int
- hello_interval_l2 - Level 2 hello interval. type: int
- hello_multiplier_l1 - Level 1 multiplier for Hello holding time. type: int
- hello_multiplier_l2 - Level 2 multiplier for Hello holding time. type: int
- hello_padding - Enable/disable padding to IS-IS hello packets. type: str choices: enable, disable
- lsp_interval - LSP transmission interval (milliseconds). type: int
- lsp_retransmit_interval - LSP retransmission interval (sec). type: int
- mesh_group - Enable/disable IS-IS mesh group. type: str choices: enable, disable
- mesh_group_id - Mesh group ID <0-4294967295>, 0: mesh-group blocked. type: int
- metric_l1 - Level 1 metric for interface. type: int
- metric_l2 - Level 2 metric for interface. type: int
- name - IS-IS interface name. Source system.interface.name. type: str required: True
- network_type - IS-IS interface"s network type type: str choices: broadcast, point-to-point, loopback
- priority_l1 - Level 1 priority. type: int
- priority_l2 - Level 2 priority. type: int
- status - Enable/disable interface for IS-IS. type: str choices: enable, disable
- status6 - Enable/disable IPv6 interface for IS-IS. type: str choices: enable, disable
- wide_metric_l1 - Level 1 wide metric for interface. type: int
- wide_metric_l2 - Level 2 wide metric for interface. type: int
- isis_net - IS-IS net configuration. type: list
- id - isis-net ID. type: int required: True
- net - IS-IS net xx.xxxx. ... .xxxx.xx. type: str
- lsp_gen_interval_l1 - Minimum interval for level 1 LSP regenerating. type: int
- lsp_gen_interval_l2 - Minimum interval for level 2 LSP regenerating. type: int
- lsp_refresh_interval - LSP refresh time in seconds. type: int
- max_lsp_lifetime - Maximum LSP lifetime in seconds. type: int
- metric_style - Use old-style (ISO 10589) or new-style packet formats type: str choices: narrow, wide, transition, narrow-transition, narrow-transition-l1, narrow-transition-l2, wide-l1, wide-l2, wide-transition, wide-transition-l1, wide-transition-l2, transition-l1, transition-l2
- overload_bit - Enable/disable signal other routers not to use us in SPF. type: str choices: enable, disable
- overload_bit_on_startup - Overload-bit only temporarily after reboot. type: int
- overload_bit_suppress - Suppress overload-bit for the specific prefixes. type: str choices: external, interlevel
- redistribute - IS-IS redistribute protocols. type: list
- level - Level. type: str choices: level-1-2, level-1, level-2
- metric - Metric. type: int
- metric_type - Metric type. type: str choices: external, internal
- protocol - Protocol name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - Status. type: str choices: enable, disable
- redistribute_l1 - Enable/disable redistribution of level 1 routes into level 2. type: str choices: enable, disable
- redistribute_l1_list - Access-list for route redistribution from l1 to l2. Source router.access-list.name. type: str
- redistribute_l2 - Enable/disable redistribution of level 2 routes into level 1. type: str choices: enable, disable
- redistribute_l2_list - Access-list for route redistribution from l2 to l1. Source router.access-list.name. type: str
- redistribute6 - IS-IS IPv6 redistribution for routing protocols. type: list
- level - Level. type: str choices: level-1-2, level-1, level-2
- metric - Metric. type: int
- metric_type - Metric type. type: str choices: external, internal
- protocol - Protocol name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - Enable/disable redistribution. type: str choices: enable, disable
- redistribute6_l1 - Enable/disable redistribution of level 1 IPv6 routes into level 2. type: str choices: enable, disable
- redistribute6_l1_list - Access-list for IPv6 route redistribution from l1 to l2. Source router.access-list6.name. type: str
- redistribute6_l2 - Enable/disable redistribution of level 2 IPv6 routes into level 1. type: str choices: enable, disable
- redistribute6_l2_list - Access-list for IPv6 route redistribution from l2 to l1. Source router.access-list6.name. type: str
- spf_interval_exp_l1 - Level 1 SPF calculation delay. type: str
- spf_interval_exp_l2 - Level 2 SPF calculation delay. type: str
- summary_address - IS-IS summary addresses. type: list
- id - Summary address entry ID. type: int required: True
- level - Level. type: str choices: level-1-2, level-1, level-2
- prefix - Prefix. type: str
- summary_address6 - IS-IS IPv6 summary address. type: list
- id - Prefix entry ID. type: int required: True
- level - Level. type: str choices: level-1-2, level-1, level-2
- prefix6 - IPv6 prefix. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IS-IS.
fortios_router_isis:
vdom: "{{ vdom }}"
router_isis:
adjacency_check: "enable"
adjacency_check6: "enable"
adv_passive_only: "enable"
adv_passive_only6: "enable"
auth_keychain_l1: "<your_own_value> (source router.key-chain.name)"
auth_keychain_l2: "<your_own_value> (source router.key-chain.name)"
auth_mode_l1: "password"
auth_mode_l2: "password"
auth_password_l1: "<your_own_value>"
auth_password_l2: "<your_own_value>"
auth_sendonly_l1: "enable"
auth_sendonly_l2: "enable"
default_originate: "enable"
default_originate6: "enable"
dynamic_hostname: "enable"
ignore_lsp_errors: "enable"
is_type: "level-1-2"
isis_interface:
-
auth_keychain_l1: "<your_own_value> (source router.key-chain.name)"
auth_keychain_l2: "<your_own_value> (source router.key-chain.name)"
auth_mode_l1: "md5"
auth_mode_l2: "md5"
auth_password_l1: "<your_own_value>"
auth_password_l2: "<your_own_value>"
auth_send_only_l1: "enable"
auth_send_only_l2: "enable"
circuit_type: "level-1-2"
csnp_interval_l1: "30"
csnp_interval_l2: "31"
hello_interval_l1: "32"
hello_interval_l2: "33"
hello_multiplier_l1: "34"
hello_multiplier_l2: "35"
hello_padding: "enable"
lsp_interval: "37"
lsp_retransmit_interval: "38"
mesh_group: "enable"
mesh_group_id: "40"
metric_l1: "41"
metric_l2: "42"
name: "default_name_43 (source system.interface.name)"
network_type: "broadcast"
priority_l1: "45"
priority_l2: "46"
status: "enable"
status6: "enable"
wide_metric_l1: "49"
wide_metric_l2: "50"
isis_net:
-
id: "52"
net: "<your_own_value>"
lsp_gen_interval_l1: "54"
lsp_gen_interval_l2: "55"
lsp_refresh_interval: "56"
max_lsp_lifetime: "57"
metric_style: "narrow"
overload_bit: "enable"
overload_bit_on_startup: "60"
overload_bit_suppress: "external"
redistribute:
-
level: "level-1-2"
metric: "64"
metric_type: "external"
protocol: "<your_own_value>"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
redistribute_l1: "enable"
redistribute_l1_list: "<your_own_value> (source router.access-list.name)"
redistribute_l2: "enable"
redistribute_l2_list: "<your_own_value> (source router.access-list.name)"
redistribute6:
-
level: "level-1-2"
metric: "75"
metric_type: "external"
protocol: "<your_own_value>"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
redistribute6_l1: "enable"
redistribute6_l1_list: "<your_own_value> (source router.access-list6.name)"
redistribute6_l2: "enable"
redistribute6_l2_list: "<your_own_value> (source router.access-list6.name)"
spf_interval_exp_l1: "<your_own_value>"
spf_interval_exp_l2: "<your_own_value>"
summary_address:
-
id: "87"
level: "level-1-2"
prefix: "<your_own_value>"
summary_address6:
-
id: "91"
level: "level-1-2"
prefix6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_key_chain – Configure key-chain in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and key_chain category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_key_chain - Configure key-chain. type: dict
- key - Configuration method to edit key settings. type: list
- accept_lifetime - Lifetime of received authentication key (format: hh:mm:ss day month year). type: str
- id - Key ID (0 - 2147483647). type: str required: True
- key_string - Password for the key (max. = 35 characters). type: str
- send_lifetime - Lifetime of sent authentication key (format: hh:mm:ss day month year). type: str
- name - Key-chain name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure key-chain.
fortios_router_key_chain:
vdom: "{{ vdom }}"
state: "present"
router_key_chain:
key:
-
accept_lifetime: "<your_own_value>"
id: "5"
key_string: "<your_own_value>"
send_lifetime: "<your_own_value>"
name: "default_name_8"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_multicast – Configure router multicast in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_multicast - Configure router multicast. type: dict
- interface - PIM interfaces. type: list
- bfd - Enable/disable Protocol Independent Multicast (PIM) Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable
- cisco_exclude_genid - Exclude GenID from hello packets (compatibility with old Cisco IOS). type: str choices: enable, disable
- dr_priority - DR election priority. type: int
- hello_holdtime - Time before old neighbor information expires (0 - 65535 sec). type: int
- hello_interval - Interval between sending PIM hello messages (0 - 65535 sec). type: int
- igmp - IGMP configuration options. type: dict
- access_group - Groups IGMP hosts are allowed to join. Source router.access-list.name. type: str
- immediate_leave_group - Groups to drop membership for immediately after receiving IGMPv2 leave. Source router.access-list.name. type: str
- last_member_query_count - Number of group specific queries before removing group (2 - 7). type: int
- last_member_query_interval - Timeout between IGMPv2 leave and removing group (1 - 65535 msec). type: int
- query_interval - Interval between queries to IGMP hosts (1 - 65535 sec). type: int
- query_max_response_time - Maximum time to wait for a IGMP query response (1 - 25 sec). type: int
- query_timeout - Timeout between queries before becoming querier for network (60 - 900). type: int
- router_alert_check - Enable/disable require IGMP packets contain router alert option. type: str choices: enable, disable
- version - Maximum version of IGMP to support. type: str choices: 3, 2, 1
- join_group - Join multicast groups. type: list
- address - Multicast group IP address. type: str required: True
- multicast_flow - Acceptable source for multicast group. Source router.multicast-flow.name. type: str
- name - Interface name. Source system.interface.name. type: str required: True
- neighbour_filter - Routers acknowledged as neighbor routers. Source router.access-list.name. type: str
- passive - Enable/disable listening to IGMP but not participating in PIM. type: str choices: enable, disable
- pim_mode - PIM operation mode. type: str choices: sparse-mode, dense-mode
- propagation_delay - Delay flooding packets on this interface (100 - 5000 msec). type: int
- rp_candidate - Enable/disable compete to become RP in elections. type: str choices: enable, disable
- rp_candidate_group - Multicast groups managed by this RP. Source router.access-list.name. type: str
- rp_candidate_interval - RP candidate advertisement interval (1 - 16383 sec). type: int
- rp_candidate_priority - Router"s priority as RP. type: int
- state_refresh_interval - Interval between sending state-refresh packets (1 - 100 sec). type: int
- static_group - Statically set multicast groups to forward out. Source router.multicast-flow.name. type: str
- ttl_threshold - Minimum TTL of multicast packets that will be forwarded (applied only to new multicast routes) (1 - 255). type: int
- multicast_routing - Enable/disable IP multicast routing. type: str choices: enable, disable
- pim_sm_global - PIM sparse-mode global settings. type: dict
- accept_register_list - Sources allowed to register packets with this Rendezvous Point (RP). Source router.access-list.name. type: str
- accept_source_list - Sources allowed to send multicast traffic. Source router.access-list.name. type: str
- bsr_allow_quick_refresh - Enable/disable accept BSR quick refresh packets from neighbors. type: str choices: enable, disable
- bsr_candidate - Enable/disable allowing this router to become a bootstrap router (BSR). type: str choices: enable, disable
- bsr_hash - BSR hash length (0 - 32). type: int
- bsr_interface - Interface to advertise as candidate BSR. Source system.interface.name. type: str
- bsr_priority - BSR priority (0 - 255). type: int
- cisco_crp_prefix - Enable/disable making candidate RP compatible with old Cisco IOS. type: str choices: enable, disable
- cisco_ignore_rp_set_priority - Use only hash for RP selection (compatibility with old Cisco IOS). type: str choices: enable, disable
- cisco_register_checksum - Checksum entire register packet(for old Cisco IOS compatibility). type: str choices: enable, disable
- cisco_register_checksum_group - Cisco register checksum only these groups. Source router.access-list.name. type: str
- join_prune_holdtime - Join/prune holdtime (1 - 65535). type: int
- message_interval - Period of time between sending periodic PIM join/prune messages in seconds (1 - 65535). type: int
- null_register_retries - Maximum retries of null register (1 - 20). type: int
- register_rate_limit - Limit of packets/sec per source registered through this RP (0 - 65535). type: int
- register_rp_reachability - Enable/disable check RP is reachable before registering packets. type: str choices: enable, disable
- register_source - Override source address in register packets. type: str choices: disable, interface, ip-address
- register_source_interface - Override with primary interface address. Source system.interface.name. type: str
- register_source_ip - Override with local IP address. type: str
- register_supression - Period of time to honor register-stop message (1 - 65535 sec). type: int
- rp_address - Statically configure RP addresses. type: list
- group - Groups to use this RP. Source router.access-list.name. type: str
- id - ID. type: int required: True
- ip_address - RP router address. type: str
- rp_register_keepalive - Timeout for RP receiving data on (S,G) tree (1 - 65535 sec). type: int
- spt_threshold - Enable/disable switching to source specific trees. type: str choices: enable, disable
- spt_threshold_group - Groups allowed to switch to source tree. Source router.access-list.name. type: str
- ssm - Enable/disable source specific multicast. type: str choices: enable, disable
- ssm_range - Groups allowed to source specific multicast. Source router.access-list.name. type: str
- route_limit - Maximum number of multicast routes. type: int
- route_threshold - Generate warnings when the number of multicast routes exceeds this number, must not be greater than route-limit. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure router multicast.
fortios_router_multicast:
vdom: "{{ vdom }}"
router_multicast:
interface:
-
bfd: "enable"
cisco_exclude_genid: "enable"
dr_priority: "6"
hello_holdtime: "7"
hello_interval: "8"
igmp:
access_group: "<your_own_value> (source router.access-list.name)"
immediate_leave_group: "<your_own_value> (source router.access-list.name)"
last_member_query_count: "12"
last_member_query_interval: "13"
query_interval: "14"
query_max_response_time: "15"
query_timeout: "16"
router_alert_check: "enable"
version: "3"
join_group:
-
address: "<your_own_value>"
multicast_flow: "<your_own_value> (source router.multicast-flow.name)"
name: "default_name_22 (source system.interface.name)"
neighbour_filter: "<your_own_value> (source router.access-list.name)"
passive: "enable"
pim_mode: "sparse-mode"
propagation_delay: "26"
rp_candidate: "enable"
rp_candidate_group: "<your_own_value> (source router.access-list.name)"
rp_candidate_interval: "29"
rp_candidate_priority: "30"
state_refresh_interval: "31"
static_group: "<your_own_value> (source router.multicast-flow.name)"
ttl_threshold: "33"
multicast_routing: "enable"
pim_sm_global:
accept_register_list: "<your_own_value> (source router.access-list.name)"
accept_source_list: "<your_own_value> (source router.access-list.name)"
bsr_allow_quick_refresh: "enable"
bsr_candidate: "enable"
bsr_hash: "40"
bsr_interface: "<your_own_value> (source system.interface.name)"
bsr_priority: "42"
cisco_crp_prefix: "enable"
cisco_ignore_rp_set_priority: "enable"
cisco_register_checksum: "enable"
cisco_register_checksum_group: "<your_own_value> (source router.access-list.name)"
join_prune_holdtime: "47"
message_interval: "48"
null_register_retries: "49"
register_rate_limit: "50"
register_rp_reachability: "enable"
register_source: "disable"
register_source_interface: "<your_own_value> (source system.interface.name)"
register_source_ip: "<your_own_value>"
register_supression: "55"
rp_address:
-
group: "<your_own_value> (source router.access-list.name)"
id: "58"
ip_address: "<your_own_value>"
rp_register_keepalive: "60"
spt_threshold: "enable"
spt_threshold_group: "<your_own_value> (source router.access-list.name)"
ssm: "enable"
ssm_range: "<your_own_value> (source router.access-list.name)"
route_limit: "65"
route_threshold: "66"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_multicast6 – Configure IPv6 multicast in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_multicast6 - Configure IPv6 multicast. type: dict
- interface - Protocol Independent Multicast (PIM) interfaces. type: list
- hello_holdtime - Time before old neighbour information expires (1 - 65535 sec). type: int
- hello_interval - Interval between sending PIM hello messages (1 - 65535 sec).. type: int
- name - Interface name. Source system.interface.name. type: str required: True
- multicast_pmtu - Enable/disable PMTU for IPv6 multicast. type: str choices: enable, disable
- multicast_routing - Enable/disable IPv6 multicast routing. type: str choices: enable, disable
- pim_sm_global - PIM sparse-mode global settings. type: dict
- register_rate_limit - Limit of packets/sec per source registered through this RP (0 means unlimited). type: int
- rp_address - Statically configured RP addresses. type: list
- id - ID of the entry. type: int required: True
- ip6_address - RP router IPv6 address. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 multicast.
fortios_router_multicast6:
vdom: "{{ vdom }}"
router_multicast6:
interface:
-
hello_holdtime: "4"
hello_interval: "5"
name: "default_name_6 (source system.interface.name)"
multicast_pmtu: "enable"
multicast_routing: "enable"
pim_sm_global:
register_rate_limit: "10"
rp_address:
-
id: "12"
ip6_address: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_multicast_flow – Configure multicast-flow in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and multicast_flow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_multicast_flow - Configure multicast-flow. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comment. type: str
- flows - Multicast-flow entries. type: list
- group_addr - Multicast group IP address. type: str
- id - Flow ID. type: int required: True
- source_addr - Multicast source IP address. type: str
- name - Name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure multicast-flow.
fortios_router_multicast_flow:
vdom: "{{ vdom }}"
state: "present"
router_multicast_flow:
comments: "<your_own_value>"
flows:
-
group_addr: "<your_own_value>"
id: "6"
source_addr: "<your_own_value>"
name: "default_name_8"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_ospf – Configure OSPF in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_ospf - Configure OSPF. type: dict
- abr_type - Area border router type. type: str choices: cisco, ibm, shortcut, standard
- area - OSPF area configuration. type: list
- authentication - Authentication type. type: str choices: none, text, md5
- default_cost - Summary default cost of stub or NSSA area. type: int
- filter_list - OSPF area filter-list configuration. type: list
- direction - Direction. type: str choices: in, out
- id - Filter list entry ID. type: int required: True
- list - Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name. type: str
- id - Area entry IP address. type: str required: True
- nssa_default_information_originate - Redistribute, advertise, or do not originate Type-7 default route into NSSA area. type: str choices: enable, always, disable
- nssa_default_information_originate_metric - OSPF default metric. type: int
- nssa_default_information_originate_metric_type - OSPF metric type for default routes. type: str choices: 1, 2
- nssa_redistribution - Enable/disable redistribute into NSSA area. type: str choices: enable, disable
- nssa_translator_role - NSSA translator role type. type: str choices: candidate, never, always
- range - OSPF area range configuration. type: list
- advertise - Enable/disable advertise status. type: str choices: disable, enable
- id - Range entry ID. type: int required: True
- prefix - Prefix. type: str
- substitute - Substitute prefix. type: str
- substitute_status - Enable/disable substitute status. type: str choices: enable, disable
- shortcut - Enable/disable shortcut option. type: str choices: disable, enable, default
- stub_type - Stub summary setting. type: str choices: no-summary, summary
- type - Area type setting. type: str choices: regular, nssa, stub
- virtual_link - OSPF virtual link configuration. type: list
- authentication - Authentication type. type: str choices: none, text, md5
- authentication_key - Authentication key. type: str
- dead_interval - Dead interval. type: int
- hello_interval - Hello interval. type: int
- md5_key - MD5 key. type: str
- name - Virtual link entry name. type: str required: True
- peer - Peer IP. type: str
- retransmit_interval - Retransmit interval. type: int
- transmit_delay - Transmit delay. type: int
- auto_cost_ref_bandwidth - Reference bandwidth in terms of megabits per second. type: int
- bfd - Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable
- database_overflow - Enable/disable database overflow. type: str choices: enable, disable
- database_overflow_max_lsas - Database overflow maximum LSAs. type: int
- database_overflow_time_to_recover - Database overflow time to recover (sec). type: int
- default_information_metric - Default information metric. type: int
- default_information_metric_type - Default information metric type. type: str choices: 1, 2
- default_information_originate - Enable/disable generation of default route. type: str choices: enable, always, disable
- default_information_route_map - Default information route map. Source router.route-map.name. type: str
- default_metric - Default metric of redistribute routes. type: int
- distance - Distance of the route. type: int
- distance_external - Administrative external distance. type: int
- distance_inter_area - Administrative inter-area distance. type: int
- distance_intra_area - Administrative intra-area distance. type: int
- distribute_list - Distribute list configuration. type: list
- access_list - Access list name. Source router.access-list.name. type: str
- id - Distribute list entry ID. type: int required: True
- protocol - Protocol type. type: str choices: connected, static, rip
- distribute_list_in - Filter incoming routes. Source router.access-list.name router.prefix-list.name. type: str
- distribute_route_map_in - Filter incoming external routes by route-map. Source router.route-map.name. type: str
- log_neighbour_changes - Enable logging of OSPF neighbour"s changes type: str choices: enable, disable
- neighbor - OSPF neighbor configuration are used when OSPF runs on non-broadcast media type: list
- cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int
- id - Neighbor entry ID. type: int required: True
- ip - Interface IP address of the neighbor. type: str
- poll_interval - Poll interval time in seconds. type: int
- priority - Priority. type: int
- network - OSPF network configuration. type: list
- area - Attach the network to area. type: str
- id - Network entry ID. type: int required: True
- prefix - Prefix. type: str
- ospf_interface - OSPF interface configuration. type: list
- authentication - Authentication type. type: str choices: none, text, md5
- authentication_key - Authentication key. type: str
- bfd - Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable
- cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int
- database_filter_out - Enable/disable control of flooding out LSAs. type: str choices: enable, disable
- dead_interval - Dead interval. type: int
- hello_interval - Hello interval. type: int
- hello_multiplier - Number of hello packets within dead interval. type: int
- interface - Configuration interface name. Source system.interface.name. type: str
- ip - IP address. type: str
- md5_key - MD5 key. type: str
- mtu - MTU for database description packets. type: int
- mtu_ignore - Enable/disable ignore MTU. type: str choices: enable, disable
- name - Interface entry name. type: str required: True
- network_type - Network type. type: str choices: broadcast, non-broadcast, point-to-point, point-to-multipoint, point-to-multipoint-non-broadcast
- prefix_length - Prefix length. type: int
- priority - Priority. type: int
- resync_timeout - Graceful restart neighbor resynchronization timeout. type: int
- retransmit_interval - Retransmit interval. type: int
- status - Enable/disable status. type: str choices: disable, enable
- transmit_delay - Transmit delay. type: int
- passive_interface - Passive interface configuration. type: list
- name - Passive interface name. Source system.interface.name. type: str required: True
- redistribute - Redistribute configuration. type: list
- metric - Redistribute metric setting. type: int
- metric_type - Metric type. type: str choices: 1, 2
- name - Redistribute name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - status type: str choices: enable, disable
- tag - Tag value. type: int
- restart_mode - OSPF restart mode (graceful or LLS). type: str choices: none, lls, graceful-restart
- restart_period - Graceful restart period. type: int
- rfc1583_compatible - Enable/disable RFC1583 compatibility. type: str choices: enable, disable
- router_id - Router ID. type: str
- spf_timers - SPF calculation frequency. type: str
- summary_address - IP address summary configuration. type: list
- advertise - Enable/disable advertise status. type: str choices: disable, enable
- id - Summary address entry ID. type: int required: True
- prefix - Prefix. type: str
- tag - Tag value. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure OSPF.
fortios_router_ospf:
vdom: "{{ vdom }}"
router_ospf:
abr_type: "cisco"
area:
-
authentication: "none"
default_cost: "6"
filter_list:
-
direction: "in"
id: "9"
list: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
id: "11"
nssa_default_information_originate: "enable"
nssa_default_information_originate_metric: "13"
nssa_default_information_originate_metric_type: "1"
nssa_redistribution: "enable"
nssa_translator_role: "candidate"
range:
-
advertise: "disable"
id: "19"
prefix: "<your_own_value>"
substitute: "<your_own_value>"
substitute_status: "enable"
shortcut: "disable"
stub_type: "no-summary"
type: "regular"
virtual_link:
-
authentication: "none"
authentication_key: "<your_own_value>"
dead_interval: "29"
hello_interval: "30"
md5_key: "<your_own_value>"
name: "default_name_32"
peer: "<your_own_value>"
retransmit_interval: "34"
transmit_delay: "35"
auto_cost_ref_bandwidth: "36"
bfd: "enable"
database_overflow: "enable"
database_overflow_max_lsas: "39"
database_overflow_time_to_recover: "40"
default_information_metric: "41"
default_information_metric_type: "1"
default_information_originate: "enable"
default_information_route_map: "<your_own_value> (source router.route-map.name)"
default_metric: "45"
distance: "46"
distance_external: "47"
distance_inter_area: "48"
distance_intra_area: "49"
distribute_list:
-
access_list: "<your_own_value> (source router.access-list.name)"
id: "52"
protocol: "connected"
distribute_list_in: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
distribute_route_map_in: "<your_own_value> (source router.route-map.name)"
log_neighbour_changes: "enable"
neighbor:
-
cost: "58"
id: "59"
ip: "<your_own_value>"
poll_interval: "61"
priority: "62"
network:
-
area: "<your_own_value>"
id: "65"
prefix: "<your_own_value>"
ospf_interface:
-
authentication: "none"
authentication_key: "<your_own_value>"
bfd: "global"
cost: "71"
database_filter_out: "enable"
dead_interval: "73"
hello_interval: "74"
hello_multiplier: "75"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
md5_key: "<your_own_value>"
mtu: "79"
mtu_ignore: "enable"
name: "default_name_81"
network_type: "broadcast"
prefix_length: "83"
priority: "84"
resync_timeout: "85"
retransmit_interval: "86"
status: "disable"
transmit_delay: "88"
passive_interface:
-
name: "default_name_90 (source system.interface.name)"
redistribute:
-
metric: "92"
metric_type: "1"
name: "default_name_94"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
tag: "97"
restart_mode: "none"
restart_period: "99"
rfc1583_compatible: "enable"
router_id: "<your_own_value>"
spf_timers: "<your_own_value>"
summary_address:
-
advertise: "disable"
id: "105"
prefix: "<your_own_value>"
tag: "107"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_ospf6 – Configure IPv6 OSPF in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_ospf6 - Configure IPv6 OSPF. type: dict
- abr_type - Area border router type. type: str choices: cisco, ibm, standard
- area - OSPF6 area configuration. type: list
- default_cost - Summary default cost of stub or NSSA area. type: int
- id - Area entry IP address. type: str required: True
- nssa_default_information_originate - Enable/disable originate type 7 default into NSSA area. type: str choices: enable, disable
- nssa_default_information_originate_metric - OSPFv3 default metric. type: int
- nssa_default_information_originate_metric_type - OSPFv3 metric type for default routes. type: str choices: 1, 2
- nssa_redistribution - Enable/disable redistribute into NSSA area. type: str choices: enable, disable
- nssa_translator_role - NSSA translator role type. type: str choices: candidate, never, always
- range - OSPF6 area range configuration. type: list
- advertise - Enable/disable advertise status. type: str choices: disable, enable
- id - Range entry ID. type: int required: True
- prefix6 - IPv6 prefix. type: str
- stub_type - Stub summary setting. type: str choices: no-summary, summary
- type - Area type setting. type: str choices: regular, nssa, stub
- virtual_link - OSPF6 virtual link configuration. type: list
- dead_interval - Dead interval. type: int
- hello_interval - Hello interval. type: int
- name - Virtual link entry name. type: str required: True
- peer - A.B.C.D, peer router ID. type: str
- retransmit_interval - Retransmit interval. type: int
- transmit_delay - Transmit delay. type: int
- auto_cost_ref_bandwidth - Reference bandwidth in terms of megabits per second. type: int
- bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable
- default_information_metric - Default information metric. type: int
- default_information_metric_type - Default information metric type. type: str choices: 1, 2
- default_information_originate - Enable/disable generation of default route. type: str choices: enable, always, disable
- default_information_route_map - Default information route map. Source router.route-map.name. type: str
- default_metric - Default metric of redistribute routes. type: int
- log_neighbour_changes - Enable logging of OSPFv3 neighbour"s changes type: str choices: enable, disable
- ospf6_interface - OSPF6 interface configuration. type: list
- area_id - A.B.C.D, in IPv4 address format. type: str
- bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable
- cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int
- dead_interval - Dead interval. type: int
- hello_interval - Hello interval. type: int
- interface - Configuration interface name. Source system.interface.name. type: str
- mtu - MTU for OSPFv3 packets. type: int
- mtu_ignore - Enable/disable ignoring MTU field in DBD packets. type: str choices: enable, disable
- name - Interface entry name. type: str required: True
- neighbor - OSPFv3 neighbors are used when OSPFv3 runs on non-broadcast media type: list
- cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int
- ip6 - IPv6 link local address of the neighbor. type: str required: True
- poll_interval - Poll interval time in seconds. type: int
- priority - priority type: int
- network_type - Network type. type: str choices: broadcast, point-to-point, non-broadcast, point-to-multipoint, point-to-multipoint-non-broadcast
- priority - priority type: int
- retransmit_interval - Retransmit interval. type: int
- status - Enable/disable OSPF6 routing on this interface. type: str choices: disable, enable
- transmit_delay - Transmit delay. type: int
- passive_interface - Passive interface configuration. type: list
- name - Passive interface name. Source system.interface.name. type: str required: True
- redistribute - Redistribute configuration. type: list
- metric - Redistribute metric setting. type: int
- metric_type - Metric type. type: str choices: 1, 2
- name - Redistribute name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - status type: str choices: enable, disable
- router_id - A.B.C.D, in IPv4 address format. type: str
- spf_timers - SPF calculation frequency. type: str
- summary_address - IPv6 address summary configuration. type: list
- advertise - Enable/disable advertise status. type: str choices: disable, enable
- id - Summary address entry ID. type: int required: True
- prefix6 - IPv6 prefix. type: str
- tag - Tag value. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 OSPF.
fortios_router_ospf6:
vdom: "{{ vdom }}"
router_ospf6:
abr_type: "cisco"
area:
-
default_cost: "5"
id: "6"
nssa_default_information_originate: "enable"
nssa_default_information_originate_metric: "8"
nssa_default_information_originate_metric_type: "1"
nssa_redistribution: "enable"
nssa_translator_role: "candidate"
range:
-
advertise: "disable"
id: "14"
prefix6: "<your_own_value>"
stub_type: "no-summary"
type: "regular"
virtual_link:
-
dead_interval: "19"
hello_interval: "20"
name: "default_name_21"
peer: "<your_own_value>"
retransmit_interval: "23"
transmit_delay: "24"
auto_cost_ref_bandwidth: "25"
bfd: "enable"
default_information_metric: "27"
default_information_metric_type: "1"
default_information_originate: "enable"
default_information_route_map: "<your_own_value> (source router.route-map.name)"
default_metric: "31"
log_neighbour_changes: "enable"
ospf6_interface:
-
area_id: "<your_own_value>"
bfd: "global"
cost: "36"
dead_interval: "37"
hello_interval: "38"
interface: "<your_own_value> (source system.interface.name)"
mtu: "40"
mtu_ignore: "enable"
name: "default_name_42"
neighbor:
-
cost: "44"
ip6: "<your_own_value>"
poll_interval: "46"
priority: "47"
network_type: "broadcast"
priority: "49"
retransmit_interval: "50"
status: "disable"
transmit_delay: "52"
passive_interface:
-
name: "default_name_54 (source system.interface.name)"
redistribute:
-
metric: "56"
metric_type: "1"
name: "default_name_58"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
router_id: "<your_own_value>"
spf_timers: "<your_own_value>"
summary_address:
-
advertise: "disable"
id: "65"
prefix6: "<your_own_value>"
tag: "67"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_policy – Configure IPv4 routing policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_policy - Configure IPv4 routing policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- action - Action of the policy route. type: str choices: deny, permit
- comments - Optional comments. type: str
- dst - Destination IP and mask (x.x.x.x/x). type: list
- subnet - IP and mask. type: str required: True
- dst_negate - Enable/disable negating destination address match. type: str choices: enable, disable
- dstaddr - Destination address name. type: list
- name - Address/group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- end_port - End destination port number (0 - 65535). type: int
- end_source_port - End source port number (0 - 65535). type: int
- gateway - IP address of the gateway. type: str
- input_device - Incoming interface name. type: list
- name - Interface name. Source system.interface.name. type: str required: True
- output_device - Outgoing interface name. Source system.interface.name. type: str
- protocol - Protocol number (0 - 255). type: int
- seq_num - Sequence number. type: int
- src - Source IP and mask (x.x.x.x/x). type: list
- subnet - IP and mask. type: str required: True
- src_negate - Enable/disable negating source address match. type: str choices: enable, disable
- srcaddr - Source address name. type: list
- name - Address/group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- start_port - Start destination port number (0 - 65535). type: int
- start_source_port - Start source port number (0 - 65535). type: int
- status - Enable/disable this policy route. type: str choices: enable, disable
- tos - Type of service bit pattern. type: str
- tos_mask - Type of service evaluated bits. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 routing policies.
fortios_router_policy:
vdom: "{{ vdom }}"
state: "present"
router_policy:
action: "deny"
comments: "<your_own_value>"
dst:
-
subnet: "<your_own_value>"
dst_negate: "enable"
dstaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
end_port: "10"
end_source_port: "11"
gateway: "<your_own_value>"
input_device:
-
name: "default_name_14 (source system.interface.name)"
output_device: "<your_own_value> (source system.interface.name)"
protocol: "16"
seq_num: "17"
src:
-
subnet: "<your_own_value>"
src_negate: "enable"
srcaddr:
-
name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)"
start_port: "23"
start_source_port: "24"
status: "enable"
tos: "<your_own_value>"
tos_mask: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_policy6 – Configure IPv6 routing policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and policy6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_policy6 - Configure IPv6 routing policies. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Optional comments. type: str
- dst - Destination IPv6 prefix. type: str
- end_port - End destination port number (1 - 65535). type: int
- gateway - IPv6 address of the gateway. type: str
- input_device - Incoming interface name. Source system.interface.name. type: str
- output_device - Outgoing interface name. Source system.interface.name. type: str
- protocol - Protocol number (0 - 255). type: int
- seq_num - Sequence number. type: int
- src - Source IPv6 prefix. type: str
- start_port - Start destination port number (1 - 65535). type: int
- status - Enable/disable this policy route. type: str choices: enable, disable
- tos - Type of service bit pattern. type: str
- tos_mask - Type of service evaluated bits. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 routing policies.
fortios_router_policy6:
vdom: "{{ vdom }}"
state: "present"
router_policy6:
comments: "<your_own_value>"
dst: "<your_own_value>"
end_port: "5"
gateway: "<your_own_value>"
input_device: "<your_own_value> (source system.interface.name)"
output_device: "<your_own_value> (source system.interface.name)"
protocol: "9"
seq_num: "10"
src: "<your_own_value>"
start_port: "12"
status: "enable"
tos: "<your_own_value>"
tos_mask: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_prefix_list – Configure IPv4 prefix lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and prefix_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_prefix_list - Configure IPv4 prefix lists. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comments - Comment. type: str
- name - Name. type: str required: True
- rule - IPv4 prefix list rule. type: list
- action - Permit or deny this IP address and netmask prefix. type: str choices: permit, deny
- flags - Flags. type: int
- ge - Minimum prefix length to be matched (0 - 32). type: int
- id - Rule ID. type: int required: True
- le - Maximum prefix length to be matched (0 - 32). type: int
- prefix - IPv4 prefix to define regular filter criteria, such as "any" or subnets. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 prefix lists.
fortios_router_prefix_list:
vdom: "{{ vdom }}"
state: "present"
router_prefix_list:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
action: "permit"
flags: "7"
ge: "8"
id: "9"
le: "10"
prefix: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_prefix_list6 – Configure IPv6 prefix lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and prefix_list6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_prefix_list6 - Configure IPv6 prefix lists. type: dict
- comments - Comment. type: str
- name - Name. type: str required: True
- rule - IPv6 prefix list rule. type: list
- action - Permit or deny packets that match this rule. type: str choices: permit, deny
- flags - Flags. type: int
- ge - Minimum prefix length to be matched (0 - 128). type: int
- id - Rule ID. type: int required: True
- le - Maximum prefix length to be matched (0 - 128). type: int
- prefix6 - IPv6 prefix to define regular filter criteria, such as "any" or subnets. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 prefix lists.
fortios_router_prefix_list6:
vdom: "{{ vdom }}"
state: "present"
router_prefix_list6:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
action: "permit"
flags: "7"
ge: "8"
id: "9"
le: "10"
prefix6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_rip – Configure RIP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and rip category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_rip - Configure RIP. type: dict
- default_information_originate - Enable/disable generation of default route. type: str choices: enable, disable
- default_metric - Default metric. type: int
- distance - distance type: list
- access_list - Access list for route destination. Source router.access-list.name. type: str
- distance - Distance (1 - 255). type: int
- id - Distance ID. type: int required: True
- prefix - Distance prefix. type: str
- distribute_list - Distribute list. type: list
- direction - Distribute list direction. type: str choices: in, out
- id - Distribute list ID. type: int required: True
- interface - Distribute list interface name. Source system.interface.name. type: str
- listname - Distribute access/prefix list name. Source router.access-list.name router.prefix-list.name. type: str
- status - status type: str choices: enable, disable
- garbage_timer - Garbage timer in seconds. type: int
- interface - RIP interface configuration. type: list
- auth_keychain - Authentication key-chain name. Source router.key-chain.name. type: str
- auth_mode - Authentication mode. type: str choices: none, text, md5
- auth_string - Authentication string/password. type: str
- flags - flags type: int
- name - Interface name. Source system.interface.name. type: str required: True
- receive_version - Receive version. type: str choices: 1, 2
- send_version - Send version. type: str choices: 1, 2
- send_version2_broadcast - Enable/disable broadcast version 1 compatible packets. type: str choices: disable, enable
- split_horizon - Enable/disable split horizon. type: str choices: poisoned, regular
- split_horizon_status - Enable/disable split horizon. type: str choices: enable, disable
- max_out_metric - Maximum metric allowed to output(0 means "not set"). type: int
- neighbor - neighbor type: list
- id - Neighbor entry ID. type: int required: True
- ip - IP address. type: str
- network - network type: list
- id - Network entry ID. type: int required: True
- prefix - Network prefix. type: str
- offset_list - Offset list. type: list
- access_list - Access list name. Source router.access-list.name. type: str
- direction - Offset list direction. type: str choices: in, out
- id - Offset-list ID. type: int required: True
- interface - Interface name. Source system.interface.name. type: str
- offset - offset type: int
- status - status type: str choices: enable, disable
- passive_interface - Passive interface configuration. type: list
- name - Passive interface name. Source system.interface.name. type: str required: True
- recv_buffer_size - Receiving buffer size. type: int
- redistribute - Redistribute configuration. type: list
- metric - Redistribute metric setting. type: int
- name - Redistribute name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - status type: str choices: enable, disable
- timeout_timer - Timeout timer in seconds. type: int
- update_timer - Update timer in seconds. type: int
- version - RIP version. type: str choices: 1, 2
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure RIP.
fortios_router_rip:
vdom: "{{ vdom }}"
router_rip:
default_information_originate: "enable"
default_metric: "4"
distance:
-
access_list: "<your_own_value> (source router.access-list.name)"
distance: "7"
id: "8"
prefix: "<your_own_value>"
distribute_list:
-
direction: "in"
id: "12"
interface: "<your_own_value> (source system.interface.name)"
listname: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
status: "enable"
garbage_timer: "16"
interface:
-
auth_keychain: "<your_own_value> (source router.key-chain.name)"
auth_mode: "none"
auth_string: "<your_own_value>"
flags: "21"
name: "default_name_22 (source system.interface.name)"
receive_version: "1"
send_version: "1"
send_version2_broadcast: "disable"
split_horizon: "poisoned"
split_horizon_status: "enable"
max_out_metric: "28"
neighbor:
-
id: "30"
ip: "<your_own_value>"
network:
-
id: "33"
prefix: "<your_own_value>"
offset_list:
-
access_list: "<your_own_value> (source router.access-list.name)"
direction: "in"
id: "38"
interface: "<your_own_value> (source system.interface.name)"
offset: "40"
status: "enable"
passive_interface:
-
name: "default_name_43 (source system.interface.name)"
recv_buffer_size: "44"
redistribute:
-
metric: "46"
name: "default_name_47"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
timeout_timer: "50"
update_timer: "51"
version: "1"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_ripng – Configure RIPng in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ripng category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_ripng - Configure RIPng. type: dict
- aggregate_address - Aggregate address. type: list
- id - Aggregate address entry ID. type: int required: True
- prefix6 - Aggregate address prefix. type: str
- default_information_originate - Enable/disable generation of default route. type: str choices: enable, disable
- default_metric - Default metric. type: int
- distance - distance type: list
- access_list6 - Access list for route destination. Source router.access-list6.name. type: str
- distance - Distance (1 - 255). type: int
- id - Distance ID. type: int required: True
- prefix6 - Distance prefix6. type: str
- distribute_list - Distribute list. type: list
- direction - Distribute list direction. type: str choices: in, out
- id - Distribute list ID. type: int required: True
- interface - Distribute list interface name. Source system.interface.name. type: str
- listname - Distribute access/prefix list name. Source router.access-list6.name router.prefix-list6.name. type: str
- status - status type: str choices: enable, disable
- garbage_timer - Garbage timer. type: int
- interface - RIPng interface configuration. type: list
- flags - Flags. type: int
- name - Interface name. Source system.interface.name. type: str required: True
- split_horizon - Enable/disable split horizon. type: str choices: poisoned, regular
- split_horizon_status - Enable/disable split horizon. type: str choices: enable, disable
- max_out_metric - Maximum metric allowed to output(0 means "not set"). type: int
- neighbor - neighbor type: list
- id - Neighbor entry ID. type: int required: True
- interface - Interface name. Source system.interface.name. type: str
- ip6 - IPv6 link-local address. type: str
- network - Network. type: list
- id - Network entry ID. type: int required: True
- prefix - Network IPv6 link-local prefix. type: str
- offset_list - Offset list. type: list
- access_list6 - IPv6 access list name. Source router.access-list6.name. type: str
- direction - Offset list direction. type: str choices: in, out
- id - Offset-list ID. type: int required: True
- interface - Interface name. Source system.interface.name. type: str
- offset - offset type: int
- status - status type: str choices: enable, disable
- passive_interface - Passive interface configuration. type: list
- name - Passive interface name. Source system.interface.name. type: str required: True
- redistribute - Redistribute configuration. type: list
- metric - Redistribute metric setting. type: int
- name - Redistribute name. type: str required: True
- routemap - Route map name. Source router.route-map.name. type: str
- status - status type: str choices: enable, disable
- timeout_timer - Timeout timer. type: int
- update_timer - Update timer. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure RIPng.
fortios_router_ripng:
vdom: "{{ vdom }}"
router_ripng:
aggregate_address:
-
id: "4"
prefix6: "<your_own_value>"
default_information_originate: "enable"
default_metric: "7"
distance:
-
access_list6: "<your_own_value> (source router.access-list6.name)"
distance: "10"
id: "11"
prefix6: "<your_own_value>"
distribute_list:
-
direction: "in"
id: "15"
interface: "<your_own_value> (source system.interface.name)"
listname: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
status: "enable"
garbage_timer: "19"
interface:
-
flags: "21"
name: "default_name_22 (source system.interface.name)"
split_horizon: "poisoned"
split_horizon_status: "enable"
max_out_metric: "25"
neighbor:
-
id: "27"
interface: "<your_own_value> (source system.interface.name)"
ip6: "<your_own_value>"
network:
-
id: "31"
prefix: "<your_own_value>"
offset_list:
-
access_list6: "<your_own_value> (source router.access-list6.name)"
direction: "in"
id: "36"
interface: "<your_own_value> (source system.interface.name)"
offset: "38"
status: "enable"
passive_interface:
-
name: "default_name_41 (source system.interface.name)"
redistribute:
-
metric: "43"
name: "default_name_44"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
timeout_timer: "47"
update_timer: "48"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_route_map – Configure route maps in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and route_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_route_map - Configure route maps. type: dict
- comments - Optional comments. type: str
- name - Name. type: str required: True
- rule - Rule. type: list
- action - Action. type: str choices: permit, deny
- id - Rule ID. type: int required: True
- match_as_path - Match BGP AS path list. Source router.aspath-list.name. type: str
- match_community - Match BGP community list. Source router.community-list.name. type: str
- match_community_exact - Enable/disable exact matching of communities. type: str choices: enable, disable
- match_flags - BGP flag value to match (0 - 65535) type: int
- match_interface - Match interface configuration. Source system.interface.name. type: str
- match_ip_address - Match IP address permitted by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. type: str
- match_ip_nexthop - Match next hop IP address passed by access-list or prefix-list. Source router.access-list.name router.prefix-list.name. type: str
- match_ip6_address - Match IPv6 address permitted by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. type: str
- match_ip6_nexthop - Match next hop IPv6 address passed by access-list6 or prefix-list6. Source router.access-list6.name router.prefix-list6.name. type: str
- match_metric - Match metric for redistribute routes. type: int
- match_origin - Match BGP origin code. type: str choices: none, egp, igp, incomplete
- match_route_type - Match route type. type: str choices: 1, 2, none
- match_tag - Match tag. type: int
- set_aggregator_as - BGP aggregator AS. type: int
- set_aggregator_ip - BGP aggregator IP. type: str
- set_aspath - Prepend BGP AS path attribute. type: list
- as - AS number (0 - 42949672). NOTE: Use quotes for repeating numbers, e.g.: "1 1 2" type: str required: True
- set_aspath_action - Specify preferred action of set-aspath. type: str choices: prepend, replace
- set_atomic_aggregate - Enable/disable BGP atomic aggregate attribute. type: str choices: enable, disable
- set_community - BGP community attribute. type: list
- community - Attribute: AA|AA:NN|internet|local-AS|no-advertise|no-export. type: str required: True
- set_community_additive - Enable/disable adding set-community to existing community. type: str choices: enable, disable
- set_community_delete - Delete communities matching community list. Source router.community-list.name. type: str
- set_dampening_max_suppress - Maximum duration to suppress a route (1 - 255 min, 0 = unset). type: int
- set_dampening_reachability_half_life - Reachability half-life time for the penalty (1 - 45 min, 0 = unset). type: int
- set_dampening_reuse - Value to start reusing a route (1 - 20000, 0 = unset). type: int
- set_dampening_suppress - Value to start suppressing a route (1 - 20000, 0 = unset). type: int
- set_dampening_unreachability_half_life - Unreachability Half-life time for the penalty (1 - 45 min, 0 = unset) type: int
- set_extcommunity_rt - Route Target extended community. type: list
- community - AA:NN. type: str required: True
- set_extcommunity_soo - Site-of-Origin extended community. type: list
- community - AA:NN type: str required: True
- set_flags - BGP flags value (0 - 65535) type: int
- set_ip_nexthop - IP address of next hop. type: str
- set_ip6_nexthop - IPv6 global address of next hop. type: str
- set_ip6_nexthop_local - IPv6 local address of next hop. type: str
- set_local_preference - BGP local preference path attribute. type: int
- set_metric - Metric value. type: int
- set_metric_type - Metric type. type: str choices: 1, 2, none
- set_origin - BGP origin code. type: str choices: none, egp, igp, incomplete
- set_originator_id - BGP originator ID attribute. type: str
- set_route_tag - Route tag for routing table. type: int
- set_tag - Tag value. type: int
- set_weight - BGP weight for routing table. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure route maps.
fortios_router_route_map:
vdom: "{{ vdom }}"
state: "present"
router_route_map:
comments: "<your_own_value>"
name: "default_name_4"
rule:
-
action: "permit"
id: "7"
match_as_path: "<your_own_value> (source router.aspath-list.name)"
match_community: "<your_own_value> (source router.community-list.name)"
match_community_exact: "enable"
match_flags: "11"
match_interface: "<your_own_value> (source system.interface.name)"
match_ip_address: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
match_ip_nexthop: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
match_ip6_address: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
match_ip6_nexthop: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
match_metric: "17"
match_origin: "none"
match_route_type: "1"
match_tag: "20"
set_aggregator_as: "21"
set_aggregator_ip: "<your_own_value>"
set_aspath:
-
as: "<your_own_value>"
set_aspath_action: "prepend"
set_atomic_aggregate: "enable"
set_community:
-
community: "<your_own_value>"
set_community_additive: "enable"
set_community_delete: "<your_own_value> (source router.community-list.name)"
set_dampening_max_suppress: "31"
set_dampening_reachability_half_life: "32"
set_dampening_reuse: "33"
set_dampening_suppress: "34"
set_dampening_unreachability_half_life: "35"
set_extcommunity_rt:
-
community: "<your_own_value>"
set_extcommunity_soo:
-
community: "<your_own_value>"
set_flags: "40"
set_ip_nexthop: "<your_own_value>"
set_ip6_nexthop: "<your_own_value>"
set_ip6_nexthop_local: "<your_own_value>"
set_local_preference: "44"
set_metric: "45"
set_metric_type: "1"
set_origin: "none"
set_originator_id: "<your_own_value>"
set_route_tag: "49"
set_tag: "50"
set_weight: "51"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_setting – Configure router settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- router_setting - Configure router settings. type: dict
- hostname - Hostname for this virtual domain router. type: str
- show_filter - Prefix-list as filter for showing routes. Source router.prefix-list.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure router settings.
fortios_router_setting:
vdom: "{{ vdom }}"
router_setting:
hostname: "myhostname"
show_filter: "<your_own_value> (source router.prefix-list.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_static – Configure IPv4 static routing tables in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and static category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- router_static - Configure IPv4 static routing tables. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable
- blackhole - Enable/disable black hole. type: str choices: enable, disable
- comment - Optional comments. type: str
- device - Gateway out interface or tunnel. Source system.interface.name. type: str
- distance - Administrative distance (1 - 255). type: int
- dst - Destination IP and mask for this route. type: str
- dstaddr - Name of firewall address or address group. Source firewall.address.name firewall.addrgrp.name. type: str
- dynamic_gateway - Enable use of dynamic gateway retrieved from a DHCP or PPP server. type: str choices: enable, disable
- gateway - Gateway IP for this route. type: str
- internet_service - Application ID in the Internet service database. Source firewall.internet-service.id. type: int
- internet_service_custom - Application name in the Internet service custom database. Source firewall.internet-service-custom.name. type: str
- link_monitor_exempt - Enable/disable withdrawing this route when link monitor or health check is down. type: str choices: enable, disable
- priority - Administrative priority (0 - 4294967295). type: int
- seq_num - Sequence number. type: int
- src - Source prefix for this route. type: str
- status - Enable/disable this static route. type: str choices: enable, disable
- virtual_wan_link - Enable/disable egress through the virtual-wan-link. type: str choices: enable, disable
- vrf - Virtual Routing Forwarding ID. type: int
- weight - Administrative weight (0 - 255). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4 static routing tables.
fortios_router_static:
vdom: "{{ vdom }}"
state: "present"
router_static:
bfd: "enable"
blackhole: "enable"
comment: "Optional comments."
device: "<your_own_value> (source system.interface.name)"
distance: "7"
dst: "<your_own_value>"
dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
dynamic_gateway: "enable"
gateway: "<your_own_value>"
internet_service: "12 (source firewall.internet-service.id)"
internet_service_custom: "<your_own_value> (source firewall.internet-service-custom.name)"
link_monitor_exempt: "enable"
priority: "15"
seq_num: "16"
src: "<your_own_value>"
status: "enable"
virtual_wan_link: "enable"
vrf: "20"
weight: "21"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_router_static6 – Configure IPv6 static routing tables in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and static6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- router_static6 - Configure IPv6 static routing tables. type: dict
- bfd - Enable/disable Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable
- blackhole - Enable/disable black hole. type: str choices: enable, disable
- comment - Optional comments. type: str
- device - Gateway out interface or tunnel. Source system.interface.name. type: str
- devindex - Device index (0 - 4294967295). type: int
- distance - Administrative distance (1 - 255). type: int
- dst - Destination IPv6 prefix. type: str
- gateway - IPv6 address of the gateway. type: str
- priority - Administrative priority (0 - 4294967295). type: int
- seq_num - Sequence number. type: int
- status - Enable/disable this static route. type: str choices: enable, disable
- virtual_wan_link - Enable/disable egress through the virtual-wan-link. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 static routing tables.
fortios_router_static6:
vdom: "{{ vdom }}"
state: "present"
router_static6:
bfd: "enable"
blackhole: "enable"
comment: "Optional comments."
device: "<your_own_value> (source system.interface.name)"
devindex: "7"
distance: "8"
dst: "<your_own_value>"
gateway: "<your_own_value>"
priority: "11"
seq_num: "12"
status: "enable"
virtual_wan_link: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_bwl – Configure anti-spam black/white list in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and bwl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- spamfilter_bwl - Configure anti-spam black/white list. type: dict
- comment - Optional comments. type: str
- entries - Anti-spam black/white list entries. type: list
- action - Reject, mark as spam or good email. type: str choices: reject, spam, clear
- addr_type - IP address type. type: str choices: ipv4, ipv6
- email_pattern - Email address pattern. type: str
- id - Entry ID. type: int required: True
- ip4_subnet - IPv4 network address/subnet mask bits. type: str
- ip6_subnet - IPv6 network address/subnet mask bits. type: str
- pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp
- status - Enable/disable status. type: str choices: enable, disable
- type - Entry type. type: str choices: ip, email
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure anti-spam black/white list.
fortios_spamfilter_bwl:
vdom: "{{ vdom }}"
state: "present"
spamfilter_bwl:
comment: "Optional comments."
entries:
-
action: "reject"
addr_type: "ipv4"
email_pattern: "<your_own_value>"
id: "8"
ip4_subnet: "<your_own_value>"
ip6_subnet: "<your_own_value>"
pattern_type: "wildcard"
status: "enable"
type: "ip"
id: "14"
name: "default_name_15"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_bword – Configure AntiSpam banned word list in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and bword category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- spamfilter_bword - Configure AntiSpam banned word list. type: dict
- comment - Optional comments. type: str
- entries - Spam filter banned word. type: list
- action - Mark spam or good. type: str choices: spam, clear
- id - Banned word entry ID. type: int required: True
- language - Language for the banned word. type: str choices: western, simch, trach, japanese, korean, french, thai, spanish
- pattern - Pattern for the banned word. type: str
- pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp
- score - Score value. type: int
- status - Enable/disable status. type: str choices: enable, disable
- where - Component of the email to be scanned. type: str choices: subject, body, all
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam banned word list.
fortios_spamfilter_bword:
vdom: "{{ vdom }}"
state: "present"
spamfilter_bword:
comment: "Optional comments."
entries:
-
action: "spam"
id: "6"
language: "western"
pattern: "<your_own_value>"
pattern_type: "wildcard"
score: "10"
status: "enable"
where: "subject"
id: "13"
name: "default_name_14"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_dnsbl – Configure AntiSpam DNSBL/ORBL in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and dnsbl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- spamfilter_dnsbl - Configure AntiSpam DNSBL/ORBL. type: dict
- comment - Optional comments. type: str
- entries - Spam filter DNSBL and ORBL server. type: list
- action - Reject connection or mark as spam email. type: str choices: reject, spam
- id - DNSBL/ORBL entry ID. type: int required: True
- server - DNSBL or ORBL server name. type: str
- status - Enable/disable status. type: str choices: enable, disable
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam DNSBL/ORBL.
fortios_spamfilter_dnsbl:
vdom: "{{ vdom }}"
state: "present"
spamfilter_dnsbl:
comment: "Optional comments."
entries:
-
action: "reject"
id: "6"
server: "192.168.100.40"
status: "enable"
id: "9"
name: "default_name_10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_fortishield – Configure FortiGuard - AntiSpam in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and fortishield category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- spamfilter_fortishield - Configure FortiGuard - AntiSpam. type: dict
- spam_submit_force - Enable/disable force insertion of a new mime entity for the submission text. type: str choices: enable, disable
- spam_submit_srv - Hostname of the spam submission server. type: str
- spam_submit_txt2htm - Enable/disable conversion of text email to HTML email. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGuard - AntiSpam.
fortios_spamfilter_fortishield:
vdom: "{{ vdom }}"
spamfilter_fortishield:
spam_submit_force: "enable"
spam_submit_srv: "<your_own_value>"
spam_submit_txt2htm: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_iptrust – Configure AntiSpam IP trust in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and iptrust category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- spamfilter_iptrust - Configure AntiSpam IP trust. type: dict
- comment - Optional comments. type: str
- entries - Spam filter trusted IP addresses. type: list
- addr_type - Type of address. type: str choices: ipv4, ipv6
- id - Trusted IP entry ID. type: int required: True
- ip4_subnet - IPv4 network address or network address/subnet mask bits. type: str
- ip6_subnet - IPv6 network address/subnet mask bits. type: str
- status - Enable/disable status. type: str choices: enable, disable
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam IP trust.
fortios_spamfilter_iptrust:
vdom: "{{ vdom }}"
state: "present"
spamfilter_iptrust:
comment: "Optional comments."
entries:
-
addr_type: "ipv4"
id: "6"
ip4_subnet: "<your_own_value>"
ip6_subnet: "<your_own_value>"
status: "enable"
id: "10"
name: "default_name_11"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_mheader – Configure AntiSpam MIME header in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and mheader category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- spamfilter_mheader - Configure AntiSpam MIME header. type: dict
- comment - Optional comments. type: str
- entries - Spam filter mime header content. type: list
- action - Mark spam or good. type: str choices: spam, clear
- fieldbody - Pattern for the header field body. type: str
- fieldname - Pattern for header field name. type: str
- id - Mime header entry ID. type: int required: True
- pattern_type - Wildcard pattern or regular expression. type: str choices: wildcard, regexp
- status - Enable/disable status. type: str choices: enable, disable
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam MIME header.
fortios_spamfilter_mheader:
vdom: "{{ vdom }}"
state: "present"
spamfilter_mheader:
comment: "Optional comments."
entries:
-
action: "spam"
fieldbody: "<your_own_value>"
fieldname: "<your_own_value>"
id: "8"
pattern_type: "wildcard"
status: "enable"
id: "11"
name: "default_name_12"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_options – Configure AntiSpam options in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- spamfilter_options - Configure AntiSpam options. type: dict
- dns_timeout - DNS query time out (1 - 30 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam options.
fortios_spamfilter_options:
vdom: "{{ vdom }}"
spamfilter_options:
dns_timeout: "3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_spamfilter_profile – Configure AntiSpam profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify spamfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- spamfilter_profile - Configure AntiSpam profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- external - Enable/disable external Email inspection. type: str choices: enable, disable
- flow_based - Enable/disable flow-based spam filtering. type: str choices: enable, disable
- gmail - Gmail. type: dict
- log - Enable/disable logging. type: str choices: enable, disable
- imap - IMAP. type: dict
- action - Action for spam email. type: str choices: pass, tag
- log - Enable/disable logging. type: str choices: enable, disable
- tag_msg - Subject text or header added to spam email. type: str
- tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo
- mapi - MAPI. type: dict
- action - Action for spam email. type: str choices: pass, discard
- log - Enable/disable logging. type: str choices: enable, disable
- msn_hotmail - MSN Hotmail. type: dict
- log - Enable/disable logging. type: str choices: enable, disable
- name - Profile name. type: str required: True
- options - Options. type: list choices: bannedword, spambwl, spamfsip, spamfssubmit, spamfschksum, spamfsurl, spamhelodns, spamraddrdns, spamrbl, spamhdrcheck, spamfsphish
- pop3 - POP3. type: dict
- action - Action for spam email. type: str choices: pass, tag
- log - Enable/disable logging. type: str choices: enable, disable
- tag_msg - Subject text or header added to spam email. type: str
- tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
- smtp - SMTP. type: dict
- action - Action for spam email. type: str choices: pass, tag, discard
- hdrip - Enable/disable SMTP email header IP checks for spamfsip, spamrbl and spambwl filters. type: str choices: disable, enable
- local_override - Enable/disable local filter to override SMTP remote check result. type: str choices: disable, enable
- log - Enable/disable logging. type: str choices: enable, disable
- tag_msg - Subject text or header added to spam email. type: str
- tag_type - Tag subject or header for spam email. type: list choices: subject, header, spaminfo
- spam_bwl_table - Anti-spam black/white list table ID. Source spamfilter.bwl.id. type: int
- spam_bword_table - Anti-spam banned word table ID. Source spamfilter.bword.id. type: int
- spam_bword_threshold - Spam banned word threshold. type: int
- spam_filtering - Enable/disable spam filtering. type: str choices: enable, disable
- spam_iptrust_table - Anti-spam IP trust table ID. Source spamfilter.iptrust.id. type: int
- spam_log - Enable/disable spam logging for email filtering. type: str choices: disable, enable
- spam_log_fortiguard_response - Enable/disable logging FortiGuard spam response. type: str choices: disable, enable
- spam_mheader_table - Anti-spam MIME header table ID. Source spamfilter.mheader.id. type: int
- spam_rbl_table - Anti-spam DNSBL table ID. Source spamfilter.dnsbl.id. type: int
- yahoo_mail - Yahoo! Mail. type: dict
- log - Enable/disable logging. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure AntiSpam profiles.
fortios_spamfilter_profile:
vdom: "{{ vdom }}"
state: "present"
spamfilter_profile:
comment: "Comment."
external: "enable"
flow_based: "enable"
gmail:
log: "enable"
imap:
action: "pass"
log: "enable"
tag_msg: "<your_own_value>"
tag_type: "subject"
mapi:
action: "pass"
log: "enable"
msn_hotmail:
log: "enable"
name: "default_name_18"
options: "bannedword"
pop3:
action: "pass"
log: "enable"
tag_msg: "<your_own_value>"
tag_type: "subject"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
smtp:
action: "pass"
hdrip: "disable"
local_override: "disable"
log: "enable"
tag_msg: "<your_own_value>"
tag_type: "subject"
spam_bwl_table: "33 (source spamfilter.bwl.id)"
spam_bword_table: "34 (source spamfilter.bword.id)"
spam_bword_threshold: "35"
spam_filtering: "enable"
spam_iptrust_table: "37 (source spamfilter.iptrust.id)"
spam_log: "disable"
spam_log_fortiguard_response: "disable"
spam_mheader_table: "40 (source spamfilter.mheader.id)"
spam_rbl_table: "41 (source spamfilter.dnsbl.id)"
yahoo_mail:
log: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_ssh_filter_profile – SSH filter profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ssh_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- ssh_filter_profile - SSH filter profile. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- block - SSH blocking options. type: str choices: x11, shell, exec, port-forward, tun-forward, sftp, unknown
- default_command_log - Enable/disable logging unmatched shell commands. type: str choices: enable, disable
- log - SSH logging options. type: str choices: x11, shell, exec, port-forward, tun-forward, sftp, unknown
- name - SSH filter profile name. type: str required: True
- shell_commands - SSH command filter. type: list
- action - Action to take for URL filter matches. type: str choices: block, allow
- alert - Enable/disable alert. type: str choices: enable, disable
- id - Id. type: int required: True
- log - Enable/disable logging. type: str choices: enable, disable
- pattern - SSH shell command pattern. type: str
- severity - Log severity. type: str choices: low, medium, high, critical
- type - Matching type. type: str choices: simple, regex
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSH filter profile.
fortios_ssh_filter_profile:
vdom: "{{ vdom }}"
state: "present"
ssh_filter_profile:
block: "x11"
default_command_log: "enable"
log: "x11"
name: "default_name_6"
shell_commands:
-
action: "block"
alert: "enable"
id: "10"
log: "enable"
pattern: "<your_own_value>"
severity: "low"
type: "simple"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_802_1x_settings – Configure global 802.1X settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and 802_1x_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_802_1x_settings - Configure global 802.1X settings. type: dict
- link_down_auth - Interface-reauthentication state to set if a link is down. type: str choices: set-unauth, no-action
- max_reauth_attempt - Maximum number of authentication attempts (0 - 15). type: int
- reauth_period - Period of time to allow for reauthentication (1 - 1440 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global 802.1X settings.
fortios_switch_controller_802_1x_settings:
vdom: "{{ vdom }}"
switch_controller_802_1x_settings:
link_down_auth: "set-unauth"
max_reauth_attempt: "4"
reauth_period: "5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_custom_command – Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and custom_command category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_custom_command - Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices. type: dict
- command - String of commands to send to FortiSwitch devices (For example (%0a = return key): config switch trunk %0a edit myTrunk %0a set members port1 port2 %0a end %0a). type: str
- command_name - Command name called by the FortiGate switch controller in the execute command. type: str
- description - Description. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure the FortiGate switch controller to send custom commands to managed FortiSwitch devices.
fortios_switch_controller_custom_command:
vdom: "{{ vdom }}"
state: "present"
switch_controller_custom_command:
command: "<your_own_value>"
command_name: "<your_own_value>"
description: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_global – Configure FortiSwitch global settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_global - Configure FortiSwitch global settings. type: dict
- allow_multiple_interfaces - Enable/disable multiple FortiLink interfaces for redundant connections between a managed FortiSwitch and FortiGate. type: str choices: enable, disable
- default_virtual_switch_vlan - Default VLAN for ports when added to the virtual-switch. Source system.interface.name. type: str
- disable_discovery - Prevent this FortiSwitch from discovering. type: list
- name - Managed device ID. type: str required: True
- https_image_push - Enable/disable image push to FortiSwitch using HTTPS. type: str choices: enable, disable
- log_mac_limit_violations - Enable/disable logs for Learning Limit Violations. type: str choices: enable, disable
- mac_aging_interval - Time after which an inactive MAC is aged out (10 - 1000000 sec). type: int
- mac_retention_period - Time in hours after which an inactive MAC is removed from client DB. type: int
- mac_violation_timer - Set timeout for Learning Limit Violations (0 = disabled). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch global settings.
fortios_switch_controller_global:
vdom: "{{ vdom }}"
switch_controller_global:
allow_multiple_interfaces: "enable"
default_virtual_switch_vlan: "<your_own_value> (source system.interface.name)"
disable_discovery:
-
name: "default_name_6"
https_image_push: "enable"
log_mac_limit_violations: "enable"
mac_aging_interval: "9"
mac_retention_period: "10"
mac_violation_timer: "11"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_igmp_snooping – Configure FortiSwitch IGMP snooping global settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and igmp_snooping category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_igmp_snooping - Configure FortiSwitch IGMP snooping global settings. type: dict
- aging_time - Maximum number of seconds to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int
- flood_unknown_multicast - Enable/disable unknown multicast flooding. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch IGMP snooping global settings.
fortios_switch_controller_igmp_snooping:
vdom: "{{ vdom }}"
switch_controller_igmp_snooping:
aging_time: "3"
flood_unknown_multicast: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_lldp_profile – Configure FortiSwitch LLDP profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and lldp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- switch_controller_lldp_profile - Configure FortiSwitch LLDP profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- tlvs_802dot1 - Transmitted IEEE 802.1 TLVs. type: str choices: port-vlan-id
- tlvs_802dot3 - Transmitted IEEE 802.3 TLVs. type: str choices: max-frame-size
- auto_isl - Enable/disable auto inter-switch LAG. type: str choices: disable, enable
- auto_isl_hello_timer - Auto inter-switch LAG hello timer duration (1 - 30 sec). type: int
- auto_isl_port_group - Auto inter-switch LAG port group ID (0 - 9). type: int
- auto_isl_receive_timeout - Auto inter-switch LAG timeout if no response is received (3 - 90 sec). type: int
- custom_tlvs - Configuration method to edit custom TLV entries. type: list
- information_string - Organizationally defined information string (0 - 507 hexadecimal bytes). type: str
- name - TLV name (not sent). type: str required: True
- oui - Organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV. type: str
- subtype - Organizationally defined subtype (0 - 255). type: int
- med_network_policy - Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories. type: list
- dscp - Advertised Differentiated Services Code Point (DSCP) value, a packet header value indicating the level of service requested for traffic, such as high priority or best effort delivery. type: int
- name - Policy type name. type: str required: True
- priority - Advertised Layer 2 priority (0 - 7; from lowest to highest priority). type: int
- status - Enable or disable this TLV. type: str choices: disable, enable
- vlan - ID of VLAN to advertise, if configured on port (0 - 4094, 0 = priority tag). type: int
- med_tlvs - Transmitted LLDP-MED TLVs (type-length-value descriptions): inventory management TLV and/or network policy TLV. type: str choices: inventory-management, network-policy
- name - Profile name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch LLDP profiles.
fortios_switch_controller_lldp_profile:
vdom: "{{ vdom }}"
state: "present"
switch_controller_lldp_profile:
tlvs_802dot1: "port-vlan-id"
tlvs_802dot3: "max-frame-size"
auto_isl: "disable"
auto_isl_hello_timer: "6"
auto_isl_port_group: "7"
auto_isl_receive_timeout: "8"
custom_tlvs:
-
information_string: "<your_own_value>"
name: "default_name_11"
oui: "<your_own_value>"
subtype: "13"
med_network_policy:
-
dscp: "15"
name: "default_name_16"
priority: "17"
status: "disable"
vlan: "19"
med_tlvs: "inventory-management"
name: "default_name_21"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_lldp_settings – Configure FortiSwitch LLDP settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and lldp_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_lldp_settings - Configure FortiSwitch LLDP settings. type: dict
- fast_start_interval - Frequency of LLDP PDU transmission from FortiSwitch for the first 4 packets when the link is up (2 - 5 sec). type: int
- management_interface - Primary management interface to be advertised in LLDP and CDP PDUs. type: str choices: internal, mgmt
- status - Enable/disable LLDP global settings. type: str choices: enable, disable
- tx_hold - Number of tx-intervals before local LLDP data expires (1 - 16). Packet TTL is tx-hold * tx-interval. type: int
- tx_interval - Frequency of LLDP PDU transmission from FortiSwitch (5 - 4095 sec). Packet TTL is tx-hold * tx-interval. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch LLDP settings.
fortios_switch_controller_lldp_settings:
vdom: "{{ vdom }}"
switch_controller_lldp_settings:
fast_start_interval: "3"
management_interface: "internal"
status: "enable"
tx_hold: "6"
tx_interval: "7"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_mac_sync_settings – Configure global MAC synchronization settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and mac_sync_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_mac_sync_settings - Configure global MAC synchronization settings. type: dict
- mac_sync_interval - Time interval between MAC synchronizations (30 - 1800 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global MAC synchronization settings.
fortios_switch_controller_mac_sync_settings:
vdom: "{{ vdom }}"
switch_controller_mac_sync_settings:
mac_sync_interval: "3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_managed_switch – Configure FortiSwitch devices that are managed by this FortiGate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and managed_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- switch_controller_managed_switch - Configure FortiSwitch devices that are managed by this FortiGate. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- settings_802_1X - Configuration method to edit FortiSwitch 802.1X global settings. type: dict
- link_down_auth - Authentication state to set if a link is down. type: str choices: set-unauth, no-action
- local_override - Enable to override global 802.1X settings on individual FortiSwitches. type: str choices: enable, disable
- max_reauth_attempt - Maximum number of authentication attempts (0 - 15). type: int
- reauth_period - Reauthentication time interval (1 - 1440 min). type: int
- custom_command - Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch. type: list
- command_entry - List of FortiSwitch commands. type: str
- command_name - Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command. Source switch-controller.custom-command.command-name. type: str
- delayed_restart_trigger - Delayed restart triggered for this FortiSwitch. type: int
- description - Description. type: str
- directly_connected - Directly connected FortiSwitch. type: int
- dynamic_capability - List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device. type: int
- dynamically_discovered - Dynamically discovered FortiSwitch. type: int
- fsw_wan1_admin - FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable
- fsw_wan1_peer - Fortiswitch WAN1 peer port. type: str
- fsw_wan2_admin - FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. type: str choices: discovered, disable, enable
- fsw_wan2_peer - FortiSwitch WAN2 peer port. type: str
- igmp_snooping - Configure FortiSwitch IGMP snooping global settings. type: dict
- aging_time - Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec). type: int
- flood_unknown_multicast - Enable/disable unknown multicast flooding. type: str choices: enable, disable
- local_override - Enable/disable overriding the global IGMP snooping configuration. type: str choices: enable, disable
- max_allowed_trunk_members - FortiSwitch maximum allowed trunk members. type: int
- mirror - Configuration method to edit FortiSwitch packet mirror. type: list
- dst - Destination port. type: str
- name - Mirror name. type: str required: True
- src_egress - Source egress interfaces. type: list
- name - Interface name. type: str required: True
- src_ingress - Source ingress interfaces. type: list
- name - Interface name. type: str required: True
- status - Active/inactive mirror configuration. type: str choices: active, inactive
- switching_packet - Enable/disable switching functionality when mirroring. type: str choices: enable, disable
- name - Managed-switch name. type: str
- owner_vdom - VDOM which owner of port belongs to. type: str
- poe_detection_type - PoE detection type for FortiSwitch. type: int
- poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable
- ports - Managed-switch port list. type: list
- allowed_vlans - Configure switch port tagged vlans type: list
- vlan_name - VLAN name. Source system.interface.name. type: str
- allowed_vlans_all - Enable/disable all defined vlans on this port. type: str choices: enable, disable
- arp_inspection_trust - Trusted or untrusted dynamic ARP inspection. type: str choices: untrusted, trusted
- bundle - Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. type: str choices: enable, disable
- description - Description for port. type: str
- dhcp_snoop_option82_trust - Enable/disable allowance of DHCP with option-82 on untrusted interface. type: str choices: enable, disable
- dhcp_snooping - Trusted or untrusted DHCP-snooping interface. type: str choices: untrusted, trusted
- discard_mode - Configure discard mode for port. type: str choices: none, all-untagged, all-tagged
- edge_port - Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. type: str choices: enable, disable
- export_tags - Switch controller export tag name. type: list
- tag_name - Switch tag name. Source switch-controller.switch-interface-tag.name. type: str
- export_to - Export managed-switch port to a tenant VDOM. Source system.vdom.name. type: str
- export_to_pool - Switch controller export port to pool-list. Source switch-controller.virtual-port-pool.name. type: str
- export_to_pool_flag - Switch controller export port to pool-list. type: int
- fgt_peer_device_name - FGT peer device name. type: str
- fgt_peer_port_name - FGT peer port name. type: str
- fiber_port - Fiber-port. type: int
- flags - Port properties flags. type: int
- fortilink_port - FortiLink uplink port. type: int
- igmp_snooping - Set IGMP snooping mode for the physical port interface. type: str choices: enable, disable
- igmps_flood_reports - Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. type: str choices: enable, disable
- igmps_flood_traffic - Enable/disable flooding of IGMP snooping traffic to this interface. type: str choices: enable, disable
- isl_local_trunk_name - ISL local trunk name. type: str
- isl_peer_device_name - ISL peer device name. type: str
- isl_peer_port_name - ISL peer port name. type: str
- lacp_speed - end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). type: str choices: slow, fast
- learning_limit - Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default). type: int
- lldp_profile - LLDP port TLV profile. Source switch-controller.lldp-profile.name. type: str
- lldp_status - LLDP transmit and receive status. type: str choices: disable, rx-only, tx-only, tx-rx
- loop_guard - Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. type: str choices: enabled, disabled
- loop_guard_timeout - Loop-guard timeout (0 - 120 min). type: int
- max_bundle - Maximum size of LAG bundle (1 - 24) type: int
- mclag - Enable/disable multi-chassis link aggregation (MCLAG). type: str choices: enable, disable
- member_withdrawal_behavior - Port behavior after it withdraws because of loss of control packets. type: str choices: forward, block
- members - Aggregated LAG bundle interfaces. type: list
- member_name - Interface name from available options. type: str
- min_bundle - Minimum size of LAG bundle (1 - 24) type: int
- mode - LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. type: str choices: static, lacp-passive, lacp-active
- poe_capable - PoE capable. type: int
- poe_pre_standard_detection - Enable/disable PoE pre-standard detection. type: str choices: enable, disable
- poe_status - Enable/disable PoE status. type: str choices: enable, disable
- port_name - Switch port name. type: str
- port_number - Port number. type: int
- port_owner - Switch port name. type: str
- port_prefix_type - Port prefix type. type: int
- port_security_policy - Switch controller authentication policy to apply to this managed switch from available options. Source switch-controller .security-policy.802-1X.name switch-controller.security-policy.captive-portal.name. type: str
- port_selection_criteria - Algorithm for aggregate port selection. type: str choices: src-mac, dst-mac, src-dst-mac, src-ip, dst-ip, src-dst-ip
- qos_policy - Switch controller QoS policy from available options. Source switch-controller.qos.qos-policy.name. type: str
- sample_direction - sFlow sample direction. type: str choices: tx, rx, both
- sflow_counter_interval - sFlow sampler counter polling interval (1 - 255 sec). type: int
- sflow_sample_rate - sFlow sampler sample rate (0 - 99999 p/sec). type: int
- sflow_sampler - Enable/disable sFlow protocol on this interface. type: str choices: enabled, disabled
- speed - Switch port speed; default and available settings depend on hardware. type: str choices: 10half, 10full, 100half, 100full, 1000auto, 1000fiber, 1000full, 10000, 40000, auto, auto-module, 100FX-half, 100FX-full, 100000full, 2500full, 25000full, 50000full
- speed_mask - Switch port speed mask. type: int
- stacking_port - Stacking port. type: int
- status - Switch port admin status: up or down. type: str choices: up, down
- stp_bpdu_guard - Enable/disable STP BPDU guard on this interface. type: str choices: enabled, disabled
- stp_bpdu_guard_timeout - BPDU Guard disabling protection (0 - 120 min). type: int
- stp_root_guard - Enable/disable STP root guard on this interface. type: str choices: enabled, disabled
- stp_state - Enable/disable Spanning Tree Protocol (STP) on this interface. type: str choices: enabled, disabled
- switch_id - Switch id. type: str
- type - Interface type: physical or trunk port. type: str choices: physical, trunk
- untagged_vlans - Configure switch port untagged vlans type: list
- vlan_name - VLAN name. Source system.interface.name. type: str
- virtual_port - Virtualized switch port. type: int
- vlan - Assign switch ports to a VLAN. Source system.interface.name. type: str
- pre_provisioned - Pre-provisioned managed switch. type: int
- staged_image_version - Staged image version for FortiSwitch. type: str
- storm_control - Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption. type: dict
- broadcast - Enable/disable storm control to drop broadcast traffic. type: str choices: enable, disable
- local_override - Enable to override global FortiSwitch storm control settings for this FortiSwitch. type: str choices: enable, disable
- rate - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold. type: int
- unknown_multicast - Enable/disable storm control to drop unknown multicast traffic. type: str choices: enable, disable
- unknown_unicast - Enable/disable storm control to drop unknown unicast traffic. type: str choices: enable, disable
- stp_settings - Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops. type: dict
- forward_time - Period of time a port is in listening and learning state (4 - 30 sec). type: int
- hello_time - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int
- local_override - Enable to configure local STP settings that override global STP settings. type: str choices: enable, disable
- max_age - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). type: int
- max_hops - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int
- name - Name of local STP settings configuration. type: str
- pending_timer - Pending time (1 - 15 sec). type: int
- revision - STP revision number (0 - 65535). type: int
- status - Enable/disable STP. type: str choices: enable, disable
- switch_device_tag - User definable label/tag. type: str
- switch_id - Managed-switch id. type: str
- switch_log - Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log). type: dict
- local_override - Enable to configure local logging settings that override global logging settings. type: str choices: enable, disable
- severity - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- status - Enable/disable adding FortiSwitch logs to the FortiGate event log. type: str choices: enable, disable
- switch_profile - FortiSwitch profile. Source switch-controller.switch-profile.name. type: str
- switch_stp_settings - Configure spanning tree protocol (STP). type: dict
- status - Enable/disable STP. type: str choices: enable, disable
- type - Indication of switch type, physical or virtual. type: str choices: virtual, physical
- version - FortiSwitch version. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch devices that are managed by this FortiGate.
fortios_switch_controller_managed_switch:
vdom: "{{ vdom }}"
state: "present"
switch_controller_managed_switch:
settings_802_1X:
link_down_auth: "set-unauth"
local_override: "enable"
max_reauth_attempt: "6"
reauth_period: "7"
custom_command:
-
command_entry: "<your_own_value>"
command_name: "<your_own_value> (source switch-controller.custom-command.command-name)"
delayed_restart_trigger: "11"
description: "<your_own_value>"
directly_connected: "13"
dynamic_capability: "14"
dynamically_discovered: "15"
fsw_wan1_admin: "discovered"
fsw_wan1_peer: "<your_own_value>"
fsw_wan2_admin: "discovered"
fsw_wan2_peer: "<your_own_value>"
igmp_snooping:
aging_time: "21"
flood_unknown_multicast: "enable"
local_override: "enable"
max_allowed_trunk_members: "24"
mirror:
-
dst: "<your_own_value>"
name: "default_name_27"
src_egress:
-
name: "default_name_29"
src_ingress:
-
name: "default_name_31"
status: "active"
switching_packet: "enable"
name: "default_name_34"
owner_vdom: "<your_own_value>"
poe_detection_type: "36"
poe_pre_standard_detection: "enable"
ports:
-
allowed_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
allowed_vlans_all: "enable"
arp_inspection_trust: "untrusted"
bundle: "enable"
description: "<your_own_value>"
dhcp_snoop_option82_trust: "enable"
dhcp_snooping: "untrusted"
discard_mode: "none"
edge_port: "enable"
export_tags:
-
tag_name: "<your_own_value> (source switch-controller.switch-interface-tag.name)"
export_to: "<your_own_value> (source system.vdom.name)"
export_to_pool: "<your_own_value> (source switch-controller.virtual-port-pool.name)"
export_to_pool_flag: "53"
fgt_peer_device_name: "<your_own_value>"
fgt_peer_port_name: "<your_own_value>"
fiber_port: "56"
flags: "57"
fortilink_port: "58"
igmp_snooping: "enable"
igmps_flood_reports: "enable"
igmps_flood_traffic: "enable"
isl_local_trunk_name: "<your_own_value>"
isl_peer_device_name: "<your_own_value>"
isl_peer_port_name: "<your_own_value>"
lacp_speed: "slow"
learning_limit: "66"
lldp_profile: "<your_own_value> (source switch-controller.lldp-profile.name)"
lldp_status: "disable"
loop_guard: "enabled"
loop_guard_timeout: "70"
max_bundle: "71"
mclag: "enable"
member_withdrawal_behavior: "forward"
members:
-
member_name: "<your_own_value>"
min_bundle: "76"
mode: "static"
poe_capable: "78"
poe_pre_standard_detection: "enable"
poe_status: "enable"
port_name: "<your_own_value>"
port_number: "82"
port_owner: "<your_own_value>"
port_prefix_type: "84"
port_security_policy: "<your_own_value> (source switch-controller.security-policy.802-1X.name switch-controller.security-policy.captive-portal
.name)"
port_selection_criteria: "src-mac"
qos_policy: "<your_own_value> (source switch-controller.qos.qos-policy.name)"
sample_direction: "tx"
sflow_counter_interval: "89"
sflow_sample_rate: "90"
sflow_sampler: "enabled"
speed: "10half"
speed_mask: "93"
stacking_port: "94"
status: "up"
stp_bpdu_guard: "enabled"
stp_bpdu_guard_timeout: "97"
stp_root_guard: "enabled"
stp_state: "enabled"
switch_id: "<your_own_value>"
type: "physical"
untagged_vlans:
-
vlan_name: "<your_own_value> (source system.interface.name)"
virtual_port: "104"
vlan: "<your_own_value> (source system.interface.name)"
pre_provisioned: "106"
staged_image_version: "<your_own_value>"
storm_control:
broadcast: "enable"
local_override: "enable"
rate: "111"
unknown_multicast: "enable"
unknown_unicast: "enable"
stp_settings:
forward_time: "115"
hello_time: "116"
local_override: "enable"
max_age: "118"
max_hops: "119"
name: "default_name_120"
pending_timer: "121"
revision: "122"
status: "enable"
switch_device_tag: "<your_own_value>"
switch_id: "<your_own_value>"
switch_log:
local_override: "enable"
severity: "emergency"
status: "enable"
switch_profile: "<your_own_value> (source switch-controller.switch-profile.name)"
switch_stp_settings:
status: "enable"
type: "virtual"
version: "134"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_network_monitor_settings – Configure network monitor settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and network_monitor_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_network_monitor_settings - Configure network monitor settings. type: dict
- network_monitoring - Enable/disable passive gathering of information by FortiSwitch units concerning other network devices. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure network monitor settings.
fortios_switch_controller_network_monitor_settings:
vdom: "{{ vdom }}"
switch_controller_network_monitor_settings:
network_monitoring: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_qos_dot1p_map – Configure FortiSwitch QoS 802.1p in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and dot1p_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_qos_dot1p_map - Configure FortiSwitch QoS 802.1p. type: dict
- description - Description of the 802.1p name. type: str
- name - Dot1p map name. type: str required: True
- priority_0 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_1 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_2 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_3 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_4 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_5 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_6 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
- priority_7 - COS queue mapped to dot1p priority number. type: str choices: queue-0, queue-1, queue-2, queue-3, queue-4, queue-5, queue-6, queue-7
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch QoS 802.1p.
fortios_switch_controller_qos_dot1p_map:
vdom: "{{ vdom }}"
state: "present"
switch_controller_qos_dot1p_map:
description: "<your_own_value>"
name: "default_name_4"
priority_0: "queue-0"
priority_1: "queue-0"
priority_2: "queue-0"
priority_3: "queue-0"
priority_4: "queue-0"
priority_5: "queue-0"
priority_6: "queue-0"
priority_7: "queue-0"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_qos_ip_dscp_map – Configure FortiSwitch QoS IP precedence/DSCP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and ip_dscp_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_qos_ip_dscp_map - Configure FortiSwitch QoS IP precedence/DSCP. type: dict
- description - Description of the ip-dscp map name. type: str
- map - Maps between IP-DSCP value to COS queue. type: list
- cos_queue - COS queue number. type: int
- diffserv - Differentiated service. type: str choices: CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, EF, CS6, CS7
- ip_precedence - IP Precedence. type: str choices: network-control, internetwork-control, critic-ecp, flashoverride, flash, immediate, priority, routine
- name - Dscp mapping entry name. type: str required: True
- value - Raw values of DSCP (0 - 63). type: str
- name - Dscp map name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch QoS IP precedence/DSCP.
fortios_switch_controller_qos_ip_dscp_map:
vdom: "{{ vdom }}"
state: "present"
switch_controller_qos_ip_dscp_map:
description: "<your_own_value>"
map:
-
cos_queue: "5"
diffserv: "CS0"
ip_precedence: "network-control"
name: "default_name_8"
value: "<your_own_value>"
name: "default_name_10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_qos_qos_policy – Configure FortiSwitch QoS policy in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and qos_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_qos_qos_policy - Configure FortiSwitch QoS policy. type: dict
- default_cos - Default cos queue for untagged packets. type: int
- name - QoS policy name. type: str required: True
- queue_policy - QoS egress queue policy. Source switch-controller.qos.queue-policy.name. type: str
- trust_dot1p_map - QoS trust 802.1p map. Source switch-controller.qos.dot1p-map.name. type: str
- trust_ip_dscp_map - QoS trust ip dscp map. Source switch-controller.qos.ip-dscp-map.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch QoS policy.
fortios_switch_controller_qos_qos_policy:
vdom: "{{ vdom }}"
state: "present"
switch_controller_qos_qos_policy:
default_cos: "3"
name: "default_name_4"
queue_policy: "<your_own_value> (source switch-controller.qos.queue-policy.name)"
trust_dot1p_map: "<your_own_value> (source switch-controller.qos.dot1p-map.name)"
trust_ip_dscp_map: "<your_own_value> (source switch-controller.qos.ip-dscp-map.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_qos_queue_policy – Configure FortiSwitch QoS egress queue policy in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_qos feature and queue_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_qos_queue_policy - Configure FortiSwitch QoS egress queue policy. type: dict
- cos_queue - COS queue configuration. type: list
- description - Description of the COS queue. type: str
- drop_policy - COS queue drop policy. type: str choices: taildrop, weighted-random-early-detection
- max_rate - Maximum rate (0 - 4294967295 kbps, 0 to disable). type: int
- min_rate - Minimum rate (0 - 4294967295 kbps, 0 to disable). type: int
- name - Cos queue ID. type: str required: True
- weight - Weight of weighted round robin scheduling. type: int
- name - QoS policy name type: str required: True
- schedule - COS queue scheduling. type: str choices: strict, round-robin, weighted
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch QoS egress queue policy.
fortios_switch_controller_qos_queue_policy:
vdom: "{{ vdom }}"
state: "present"
switch_controller_qos_queue_policy:
cos_queue:
-
description: "<your_own_value>"
drop_policy: "taildrop"
max_rate: "6"
min_rate: "7"
name: "default_name_8"
weight: "9"
name: "default_name_10"
schedule: "strict"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_quarantine – Configure FortiSwitch quarantine support in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_quarantine - Configure FortiSwitch quarantine support. type: dict
- quarantine - Enable/disable quarantine. type: str choices: enable, disable
- targets - Quarantine MACs. type: list
- description - Description for the quarantine MAC. type: str
- entry_id - FSW entry id for the quarantine MAC. type: int
- mac - Quarantine MAC. type: str required: True
- tag - Tags for the quarantine MAC. type: list
- tags - Tag string(eg. string1 string2 string3). type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch quarantine support.
fortios_switch_controller_quarantine:
vdom: "{{ vdom }}"
switch_controller_quarantine:
quarantine: "enable"
targets:
-
description: "<your_own_value>"
entry_id: "6"
mac: "<your_own_value>"
tag:
-
tags: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_security_policy_802_1x – Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and 802_1x category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_security_policy_802_1x - Configure 802.1x MAC Authentication Bypass (MAB) policies. type: dict
- auth_fail_vlan - Enable to allow limited access to clients that cannot authenticate. type: str choices: disable, enable
- auth_fail_vlan_id - VLAN ID on which authentication failed. Source system.interface.name. type: str
- auth_fail_vlanid - VLAN ID on which authentication failed. type: int
- eap_passthru - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. type: str choices: disable, enable
- guest_auth_delay - Guest authentication delay (1 - 900 sec). type: int
- guest_vlan - Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. type: str choices: disable, enable
- guest_vlan_id - Guest VLAN name. Source system.interface.name. type: str
- guest_vlanid - Guest VLAN ID. type: int
- mac_auth_bypass - Enable/disable MAB for this policy. type: str choices: disable, enable
- name - Policy name. type: str required: True
- open_auth - Enable/disable open authentication for this policy. type: str choices: disable, enable
- policy_type - Policy type. type: str choices: 802.1X
- radius_timeout_overwrite - Enable to override the global RADIUS session timeout. type: str choices: disable, enable
- security_mode - Port or MAC based 802.1X security mode. type: str choices: 802.1X, 802.1X-mac-based
- user_group - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. type: list
- name - Group name. Source user.group.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure 802.1x MAC Authentication Bypass (MAB) policies.
fortios_switch_controller_security_policy_802_1x:
vdom: "{{ vdom }}"
state: "present"
switch_controller_security_policy_802_1x:
auth_fail_vlan: "disable"
auth_fail_vlan_id: "<your_own_value> (source system.interface.name)"
auth_fail_vlanid: "5"
eap_passthru: "disable"
guest_auth_delay: "7"
guest_vlan: "disable"
guest_vlan_id: "<your_own_value> (source system.interface.name)"
guest_vlanid: "10"
mac_auth_bypass: "disable"
name: "default_name_12"
open_auth: "disable"
policy_type: "802.1X"
radius_timeout_overwrite: "disable"
security_mode: "802.1X"
user_group:
-
name: "default_name_18 (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_security_policy_captive_portal – Names of VLANs that use captive portal authentication in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and captive_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_security_policy_captive_portal - Names of VLANs that use captive portal authentication. type: dict
- name - Policy name. type: str required: True
- policy_type - Policy type. type: str choices: captive-portal
- vlan - Names of VLANs that use captive portal authentication. Source system.interface.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Names of VLANs that use captive portal authentication.
fortios_switch_controller_security_policy_captive_portal:
vdom: "{{ vdom }}"
state: "present"
switch_controller_security_policy_captive_portal:
name: "default_name_3"
policy_type: "captive-portal"
vlan: "<your_own_value> (source system.interface.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_sflow – Configure FortiSwitch sFlow in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_sflow - Configure FortiSwitch sFlow. type: dict
- collector_ip - Collector IP. type: str
- collector_port - SFlow collector port (0 - 65535). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch sFlow.
fortios_switch_controller_sflow:
vdom: "{{ vdom }}"
switch_controller_sflow:
collector_ip: "<your_own_value>"
collector_port: "4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_storm_control – Configure FortiSwitch storm control in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and storm_control category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_storm_control - Configure FortiSwitch storm control. type: dict
- broadcast - Enable/disable storm control to drop broadcast traffic. type: str choices: enable, disable
- rate - Rate in packets per second at which storm traffic is controlled (1 - 10000000). Storm control drops excess traffic data rates beyond this threshold. type: int
- unknown_multicast - Enable/disable storm control to drop unknown multicast traffic. type: str choices: enable, disable
- unknown_unicast - Enable/disable storm control to drop unknown unicast traffic. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch storm control.
fortios_switch_controller_storm_control:
vdom: "{{ vdom }}"
switch_controller_storm_control:
broadcast: "enable"
rate: "4"
unknown_multicast: "enable"
unknown_unicast: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_stp_settings – Configure FortiSwitch spanning tree protocol (STP) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and stp_settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_stp_settings - Configure FortiSwitch spanning tree protocol (STP). type: dict
- forward_time - Period of time a port is in listening and learning state (4 - 30 sec). type: int
- hello_time - Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec). type: int
- max_age - Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec). type: int
- max_hops - Maximum number of hops between the root bridge and the furthest bridge (1- 40). type: int
- name - Name of global STP settings configuration. type: str
- pending_timer - Pending time (1 - 15 sec). type: int
- revision - STP revision number (0 - 65535). type: int
- status - Enable/disable STP. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch spanning tree protocol (STP).
fortios_switch_controller_stp_settings:
vdom: "{{ vdom }}"
switch_controller_stp_settings:
forward_time: "3"
hello_time: "4"
max_age: "5"
max_hops: "6"
name: "default_name_7"
pending_timer: "8"
revision: "9"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_switch_group – Configure FortiSwitch switch groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_switch_group - Configure FortiSwitch switch groups. type: dict
- description - Optional switch group description. type: str
- members - FortiSwitch members belonging to this switch group. type: list
- name - Managed device ID. Source switch-controller.managed-switch.switch-id. type: str required: True
- name - Switch group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch switch groups.
fortios_switch_controller_switch_group:
vdom: "{{ vdom }}"
state: "present"
switch_controller_switch_group:
description: "<your_own_value>"
members:
-
name: "default_name_5 (source switch-controller.managed-switch.switch-id)"
name: "default_name_6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_switch_interface_tag – Configure switch object tags in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_interface_tag category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_switch_interface_tag - Configure switch object tags. type: dict
- name - Tag name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure switch object tags.
fortios_switch_controller_switch_interface_tag:
vdom: "{{ vdom }}"
state: "present"
switch_controller_switch_interface_tag:
name: "default_name_3"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_switch_log – Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_log category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_switch_log - Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log). type: dict
- severity - Severity of FortiSwitch logs that are added to the FortiGate event log. type: str choices: emergency, alert, critical, error, warning, notification, information, debug
- status - Enable/disable adding FortiSwitch logs to FortiGate event log. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch logging (logs are transferred to and inserted into FortiGate event log).
fortios_switch_controller_switch_log:
vdom: "{{ vdom }}"
switch_controller_switch_log:
severity: "emergency"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_switch_profile – Configure FortiSwitch switch profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and switch_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_switch_profile - Configure FortiSwitch switch profile. type: dict
- login_passwd - Login password of managed FortiSwitch. type: str
- login_passwd_override - Enable/disable overriding the admin administrator password for a managed FortiSwitch with the FortiGate admin administrator account password. type: str choices: enable, disable
- name - FortiSwitch Profile name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSwitch switch profile.
fortios_switch_controller_switch_profile:
vdom: "{{ vdom }}"
state: "present"
switch_controller_switch_profile:
login_passwd: "<your_own_value>"
login_passwd_override: "enable"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_system – Configure system-wide switch controller settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and system category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- switch_controller_system - Configure system-wide switch controller settings. type: dict
- parallel_process - Maximum number of parallel processes (1 - 300). type: int
- parallel_process_override - Enable/disable parallel process override. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure system-wide switch controller settings.
fortios_switch_controller_system:
vdom: "{{ vdom }}"
switch_controller_system:
parallel_process: "3"
parallel_process_override: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_virtual_port_pool – Configure virtual pool in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and virtual_port_pool category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_virtual_port_pool - Configure virtual pool. type: dict
- description - Virtual switch pool description. type: str
- name - Virtual switch pool name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual pool.
fortios_switch_controller_virtual_port_pool:
vdom: "{{ vdom }}"
state: "present"
switch_controller_virtual_port_pool:
description: "<your_own_value>"
name: "default_name_4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_switch_controller_vlan – Configure VLANs for switch controller in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller feature and vlan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- switch_controller_vlan - Configure VLANs for switch controller. type: dict
- auth - Authentication. type: str choices: radius, usergroup
- color - Color of icon on the GUI. type: int
- comments - Comment. type: str
- name - Switch VLAN name. type: str required: True
- portal_message_override_group - Specify captive portal replacement message override group. type: str
- portal_message_overrides - Individual message overrides. type: dict
- auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str
- auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str
- auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str
- auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str
- radius_server - Authentication radius server. Source user.radius.name. type: str
- security - Security. type: str choices: open, captive-portal, 8021x
- selected_usergroups - Selected user group. type: list
- name - User group name. Source user.group.name. type: str required: True
- usergroup - Authentication usergroup. Source user.group.name. type: str
- vdom - Virtual domain, type: str
- vlanid - VLAN ID. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VLANs for switch controller.
fortios_switch_controller_vlan:
vdom: "{{ vdom }}"
state: "present"
switch_controller_vlan:
auth: "radius"
color: "4"
comments: "<your_own_value>"
name: "default_name_6"
portal_message_override_group: "<your_own_value>"
portal_message_overrides:
auth_disclaimer_page: "<your_own_value>"
auth_login_failed_page: "<your_own_value>"
auth_login_page: "<your_own_value>"
auth_reject_page: "<your_own_value>"
radius_server: "<your_own_value> (source user.radius.name)"
security: "open"
selected_usergroups:
-
name: "default_name_16 (source user.group.name)"
usergroup: "<your_own_value> (source user.group.name)"
vdom: "<your_own_value>"
vlanid: "19"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_3g_modem_custom – 3G MODEM custom in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_3g_modem feature and custom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_3g_modem_custom - 3G MODEM custom. type: dict
- class_id - USB interface class in hexadecimal format (00-ff). type: str
- id - ID. type: int required: True
- init_string - Init string in hexadecimal format (even length). type: str
- model - MODEM model name. type: str
- product_id - USB product ID in hexadecimal format (0000-ffff). type: str
- vendor - MODEM vendor name. type: str
- vendor_id - USB vendor ID in hexadecimal format (0000-ffff). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: 3G MODEM custom.
fortios_system_3g_modem_custom:
vdom: "{{ vdom }}"
state: "present"
system_3g_modem_custom:
class_id: "<your_own_value>"
id: "4"
init_string: "<your_own_value>"
model: "<your_own_value>"
product_id: "<your_own_value>"
vendor: "<your_own_value>"
vendor_id: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_accprofile – Configure access profiles for system administrators in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and accprofile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_accprofile - Configure access profiles for system administrators. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- admintimeout - Administrator timeout for this access profile (0 - 480 min). type: int
- admintimeout_override - Enable/disable overriding the global administrator idle timeout. type: str choices: enable, disable
- authgrp - Administrator access to Users and Devices. type: str choices: none, read, read-write
- comments - Comment. type: str
- ftviewgrp - FortiView. type: str choices: none, read, read-write
- fwgrp - Administrator access to the Firewall configuration. type: str choices: none, read, read-write, custom
- fwgrp_permission - Custom firewall permission. type: dict
- address - Address Configuration. type: str choices: none, read, read-write
- policy - Policy Configuration. type: str choices: none, read, read-write
- schedule - Schedule Configuration. type: str choices: none, read, read-write
- service - Service Configuration. type: str choices: none, read, read-write
- loggrp - Administrator access to Logging and Reporting including viewing log messages. type: str choices: none, read, read-write, custom
- loggrp_permission - Custom Log & Report permission. type: dict
- config - Log & Report configuration. type: str choices: none, read, read-write
- data_access - Log & Report Data Access. type: str choices: none, read, read-write
- report_access - Log & Report Report Access. type: str choices: none, read, read-write
- threat_weight - Log & Report Threat Weight. type: str choices: none, read, read-write
- name - Profile name. type: str required: True
- netgrp - Network Configuration. type: str choices: none, read, read-write, custom
- netgrp_permission - Custom network permission. type: dict
- cfg - Network Configuration. type: str choices: none, read, read-write
- packet_capture - Packet Capture Configuration. type: str choices: none, read, read-write
- route_cfg - Router Configuration. type: str choices: none, read, read-write
- scope - Scope of admin access: global or specific VDOM(s). type: str choices: vdom, global
- secfabgrp - Security Fabric. type: str choices: none, read, read-write
- sysgrp - System Configuration. type: str choices: none, read, read-write, custom
- sysgrp_permission - Custom system permission. type: dict
- admin - Administrator Users. type: str choices: none, read, read-write
- cfg - System Configuration. type: str choices: none, read, read-write
- mnt - Maintenance. type: str choices: none, read, read-write
- upd - FortiGuard Updates. type: str choices: none, read, read-write
- utmgrp - Administrator access to Security Profiles. type: str choices: none, read, read-write, custom
- utmgrp_permission - Custom Security Profile permissions. type: dict
- antivirus - Antivirus profiles and settings. type: str choices: none, read, read-write
- application_control - Application Control profiles and settings. type: str choices: none, read, read-write
- data_loss_prevention - DLP profiles and settings. type: str choices: none, read, read-write
- dnsfilter - DNS Filter profiles and settings. type: str choices: none, read, read-write
- endpoint_control - FortiClient Profiles. type: str choices: none, read, read-write
- icap - ICAP profiles and settings. type: str choices: none, read, read-write
- ips - IPS profiles and settings. type: str choices: none, read, read-write
- spamfilter - AntiSpam filter and settings. type: str choices: none, read, read-write
- voip - VoIP profiles and settings. type: str choices: none, read, read-write
- waf - Web Application Firewall profiles and settings. type: str choices: none, read, read-write
- webfilter - Web Filter profiles and settings. type: str choices: none, read, read-write
- vpngrp - Administrator access to IPsec, SSL, PPTP, and L2TP VPN. type: str choices: none, read, read-write
- wanoptgrp - Administrator access to WAN Opt & Cache. type: str choices: none, read, read-write
- wifi - Administrator access to the WiFi controller and Switch controller. type: str choices: none, read, read-write
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure access profiles for system administrators.
fortios_system_accprofile:
vdom: "{{ vdom }}"
state: "present"
system_accprofile:
admintimeout: "3"
admintimeout_override: "enable"
authgrp: "none"
comments: "<your_own_value>"
ftviewgrp: "none"
fwgrp: "none"
fwgrp_permission:
address: "none"
policy: "none"
schedule: "none"
service: "none"
loggrp: "none"
loggrp_permission:
config: "none"
data_access: "none"
report_access: "none"
threat_weight: "none"
name: "default_name_20"
netgrp: "none"
netgrp_permission:
cfg: "none"
packet_capture: "none"
route_cfg: "none"
scope: "vdom"
secfabgrp: "none"
sysgrp: "none"
sysgrp_permission:
admin: "none"
cfg: "none"
mnt: "none"
upd: "none"
utmgrp: "none"
utmgrp_permission:
antivirus: "none"
application_control: "none"
data_loss_prevention: "none"
dnsfilter: "none"
endpoint_control: "none"
icap: "none"
ips: "none"
spamfilter: "none"
voip: "none"
waf: "none"
webfilter: "none"
vpngrp: "none"
wanoptgrp: "none"
wifi: "none"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_admin – Configure admin users in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_admin - Configure admin users. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- accprofile - Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name. type: str
- accprofile_override - Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this administrator can access. type: str choices: enable, disable
- allow_remove_admin_session - Enable/disable allow admin session to be removed by privileged admin users. type: str choices: enable, disable
- comments - Comment. type: str
- email_to - This administrator"s email address. type: str
- force_password_change - Enable/disable force password change on next login. type: str choices: enable, disable
- fortitoken - This administrator"s FortiToken serial number. type: str
- guest_auth - Enable/disable guest authentication. type: str choices: disable, enable
- guest_lang - Guest management portal language. Source system.custom-language.name. type: str
- guest_usergroups - Select guest user groups. type: list
- name - Select guest user groups. type: str required: True
- gui_dashboard - GUI dashboards. type: list
- columns - Number of columns. type: int
- id - Dashboard ID. type: int required: True
- layout_type - Layout type. type: str choices: responsive, fixed
- name - Dashboard name. type: str
- scope - Dashboard scope. type: str choices: global, vdom
- widget - Dashboard widgets. type: list
- fabric_device - Fabric device to monitor. type: str
- fortiview_filters - FortiView filters. type: list
- id - FortiView Filter ID. type: int required: True
- key - Filter key. type: str
- value - Filter value. type: str
- fortiview_sort_by - FortiView sort by. type: str
- fortiview_timeframe - FortiView timeframe. type: str
- fortiview_type - FortiView type. type: str
- fortiview_visualization - FortiView visualization. type: str
- height - Height. type: int
- id - Widget ID. type: int required: True
- industry - Security Audit Rating industry. type: str choices: default, custom
- interface - Interface to monitor. Source system.interface.name. type: str
- region - Security Audit Rating region. type: str choices: default, custom
- title - Widget title. type: str
- type - Widget type. type: str choices: sysinfo, licinfo, vminfo, forticloud, cpu-usage, memory-usage, disk-usage, log-rate, sessions, session-rate, tr-history, analytics, usb-modem, admins, security-fabric, security-fabric-ranking, ha-status, vulnerability-summary, host-scan-summary, fortiview, botnet-activity, fortimail
- width - Width. type: int
- x_pos - X position. type: int
- y_pos - Y position. type: int
- gui_global_menu_favorites - Favorite GUI menu IDs for the global VDOM. type: list
- id - Select menu ID. type: str required: True
- gui_vdom_menu_favorites - Favorite GUI menu IDs for VDOMs. type: list
- id - Select menu ID. type: str required: True
- hidden - Admin user hidden attribute. type: int
- history0 - history0 type: str
- history1 - history1 type: str
- ip6_trusthost1 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost10 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost2 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost3 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost4 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost5 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost6 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost7 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost8 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- ip6_trusthost9 - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address. type: str
- login_time - Record user login time. type: list
- last_failed_login - Last failed login time. type: str
- last_login - Last successful login time. type: str
- usr_name - User name. type: str
- name - User name. type: str required: True
- password - Admin user password. type: str
- password_expire - Password expire time. type: str
- peer_auth - Set to enable peer certificate authentication (for HTTPS admin access). type: str choices: enable, disable
- peer_group - Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin access). type: str
- radius_vdom_override - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access. type: str choices: enable, disable
- remote_auth - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server. type: str choices: enable, disable
- remote_group - User group name used for remote auth. type: str
- schedule - Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions. type: str
- sms_custom_server - Custom SMS server to send SMS messages to. Source system.sms-server.name. type: str
- sms_phone - Phone number on which the administrator receives SMS messages. type: str
- sms_server - Send SMS messages using the FortiGuard SMS server or a custom server. type: str choices: fortiguard, custom
- ssh_certificate - Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.local.name. type: str
- ssh_public_key1 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str
- ssh_public_key2 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str
- ssh_public_key3 - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application. type: str
- trusthost1 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost10 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost2 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost3 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost4 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost5 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost6 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost7 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost8 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- trusthost9 - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address. type: str
- two_factor - Enable/disable two-factor authentication. type: str choices: disable, fortitoken, email, sms
- vdom - Virtual domain(s) that the administrator can access. type: list
- name - Virtual domain name. Source system.vdom.name. type: str required: True
- wildcard - Enable/disable wildcard RADIUS authentication. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure admin users.
fortios_system_admin:
vdom: "{{ vdom }}"
state: "present"
system_admin:
accprofile: "<your_own_value> (source system.accprofile.name)"
accprofile_override: "enable"
allow_remove_admin_session: "enable"
comments: "<your_own_value>"
email_to: "<your_own_value>"
force_password_change: "enable"
fortitoken: "<your_own_value>"
guest_auth: "disable"
guest_lang: "<your_own_value> (source system.custom-language.name)"
guest_usergroups:
-
name: "default_name_13"
gui_dashboard:
-
columns: "15"
id: "16"
layout_type: "responsive"
name: "default_name_18"
scope: "global"
widget:
-
fabric_device: "<your_own_value>"
fortiview_filters:
-
id: "23"
key: "<your_own_value>"
value: "<your_own_value>"
fortiview_sort_by: "<your_own_value>"
fortiview_timeframe: "<your_own_value>"
fortiview_type: "<your_own_value>"
fortiview_visualization: "<your_own_value>"
height: "30"
id: "31"
industry: "default"
interface: "<your_own_value> (source system.interface.name)"
region: "default"
title: "<your_own_value>"
type: "sysinfo"
width: "37"
x_pos: "38"
y_pos: "39"
gui_global_menu_favorites:
-
id: "41"
gui_vdom_menu_favorites:
-
id: "43"
hidden: "44"
history0: "<your_own_value>"
history1: "<your_own_value>"
ip6_trusthost1: "<your_own_value>"
ip6_trusthost10: "<your_own_value>"
ip6_trusthost2: "<your_own_value>"
ip6_trusthost3: "<your_own_value>"
ip6_trusthost4: "<your_own_value>"
ip6_trusthost5: "<your_own_value>"
ip6_trusthost6: "<your_own_value>"
ip6_trusthost7: "<your_own_value>"
ip6_trusthost8: "<your_own_value>"
ip6_trusthost9: "<your_own_value>"
login_time:
-
last_failed_login: "<your_own_value>"
last_login: "<your_own_value>"
usr_name: "<your_own_value>"
name: "default_name_61"
password: "<your_own_value>"
password_expire: "<your_own_value>"
peer_auth: "enable"
peer_group: "<your_own_value>"
radius_vdom_override: "enable"
remote_auth: "enable"
remote_group: "<your_own_value>"
schedule: "<your_own_value>"
sms_custom_server: "<your_own_value> (source system.sms-server.name)"
sms_phone: "<your_own_value>"
sms_server: "fortiguard"
ssh_certificate: "<your_own_value> (source certificate.local.name)"
ssh_public_key1: "<your_own_value>"
ssh_public_key2: "<your_own_value>"
ssh_public_key3: "<your_own_value>"
trusthost1: "<your_own_value>"
trusthost10: "<your_own_value>"
trusthost2: "<your_own_value>"
trusthost3: "<your_own_value>"
trusthost4: "<your_own_value>"
trusthost5: "<your_own_value>"
trusthost6: "<your_own_value>"
trusthost7: "<your_own_value>"
trusthost8: "<your_own_value>"
trusthost9: "<your_own_value>"
two_factor: "disable"
vdom:
-
name: "default_name_89 (source system.vdom.name)"
wildcard: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_affinity_interrupt – Configure interrupt affinity in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and affinity_interrupt category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_affinity_interrupt - Configure interrupt affinity. type: dict
- affinity_cpumask - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). type: str
- id - ID of the interrupt affinity setting. type: int required: True
- interrupt - Interrupt name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure interrupt affinity.
fortios_system_affinity_interrupt:
vdom: "{{ vdom }}"
state: "present"
system_affinity_interrupt:
affinity_cpumask: "<your_own_value>"
id: "4"
interrupt: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_affinity_packet_redistribution – Configure packet redistribution in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and affinity_packet_redistribution category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_affinity_packet_redistribution - Configure packet redistribution. type: dict
- affinity_cpumask - Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). type: str
- id - ID of the packet redistribution setting. type: int required: True
- interface - Physical interface name on which to perform packet redistribution. Source system.interface.name. type: str
- rxqid - ID of the receive queue (when the interface has multiple queues) on which to perform packet redistribution. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure packet redistribution.
fortios_system_affinity_packet_redistribution:
vdom: "{{ vdom }}"
state: "present"
system_affinity_packet_redistribution:
affinity_cpumask: "<your_own_value>"
id: "4"
interface: "<your_own_value> (source system.interface.name)"
rxqid: "6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_alarm – Configure alarm in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and alarm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_alarm - Configure alarm. type: dict
- audible - Enable/disable audible alarm. type: str choices: enable, disable
- groups - Alarm groups. type: list
- admin_auth_failure_threshold - Admin authentication failure threshold. type: int
- admin_auth_lockout_threshold - Admin authentication lockout threshold. type: int
- decryption_failure_threshold - Decryption failure threshold. type: int
- encryption_failure_threshold - Encryption failure threshold. type: int
- fw_policy_id - Firewall policy ID. type: int
- fw_policy_id_threshold - Firewall policy ID threshold. type: int
- fw_policy_violations - Firewall policy violations. type: list
- dst_ip - Destination IP (0=all). type: str
- dst_port - Destination port (0=all). type: int
- id - Firewall policy violations ID. type: int required: True
- src_ip - Source IP (0=all). type: str
- src_port - Source port (0=all). type: int
- threshold - Firewall policy violation threshold. type: int
- id - Group ID. type: int required: True
- log_full_warning_threshold - Log full warning threshold. type: int
- period - Time period in seconds (0 = from start up). type: int
- replay_attempt_threshold - Replay attempt threshold. type: int
- self_test_failure_threshold - Self-test failure threshold. type: int
- user_auth_failure_threshold - User authentication failure threshold. type: int
- user_auth_lockout_threshold - User authentication lockout threshold. type: int
- status - Enable/disable alarm. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure alarm.
fortios_system_alarm:
vdom: "{{ vdom }}"
system_alarm:
audible: "enable"
groups:
-
admin_auth_failure_threshold: "5"
admin_auth_lockout_threshold: "6"
decryption_failure_threshold: "7"
encryption_failure_threshold: "8"
fw_policy_id: "9"
fw_policy_id_threshold: "10"
fw_policy_violations:
-
dst_ip: "<your_own_value>"
dst_port: "13"
id: "14"
src_ip: "<your_own_value>"
src_port: "16"
threshold: "17"
id: "18"
log_full_warning_threshold: "19"
period: "20"
replay_attempt_threshold: "21"
self_test_failure_threshold: "22"
user_auth_failure_threshold: "23"
user_auth_lockout_threshold: "24"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_alias – Configure alias command in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and alias category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_alias - Configure alias command. type: dict
- command - Command list to execute. type: str
- name - Alias command name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure alias command.
fortios_system_alias:
vdom: "{{ vdom }}"
state: "present"
system_alias:
command: "<your_own_value>"
name: "default_name_4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_api_user – Configure API users in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and api_user category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_api_user - Configure API users. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- accprofile - Admin user access profile. Source system.accprofile.name. type: str
- api_key - Admin user password. type: str
- comments - Comment. type: str
- cors_allow_origin - Value for Access-Control-Allow-Origin on API responses. Avoid using "*" if possible. type: str
- name - User name. type: str required: True
- peer_auth - Enable/disable peer authentication. type: str choices: enable, disable
- peer_group - Peer group name. type: str
- schedule - Schedule name. type: str
- trusthost - Trusthost. type: list
- id - Table ID. type: int required: True
- ipv4_trusthost - IPv4 trusted host address. type: str
- ipv6_trusthost - IPv6 trusted host address. type: str
- type - Trusthost type. type: str choices: ipv4-trusthost, ipv6-trusthost
- vdom - Virtual domains. type: list
- name - Virtual domain name. Source system.vdom.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure API users.
fortios_system_api_user:
vdom: "{{ vdom }}"
state: "present"
system_api_user:
accprofile: "<your_own_value> (source system.accprofile.name)"
api_key: "<your_own_value>"
comments: "<your_own_value>"
cors_allow_origin: "<your_own_value>"
name: "default_name_7"
peer_auth: "enable"
peer_group: "<your_own_value>"
schedule: "<your_own_value>"
trusthost:
-
id: "12"
ipv4_trusthost: "<your_own_value>"
ipv6_trusthost: "<your_own_value>"
type: "ipv4-trusthost"
vdom:
-
name: "default_name_17 (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_arp_table – Configure ARP table in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and arp_table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_arp_table - Configure ARP table. type: dict
- id - Unique integer ID of the entry. type: int required: True
- interface - Interface name. Source system.interface.name. type: str
- ip - IP address. type: str
- mac - MAC address. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure ARP table.
fortios_system_arp_table:
vdom: "{{ vdom }}"
state: "present"
system_arp_table:
id: "3"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
mac: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_auto_install – Configure USB auto installation in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and auto_install category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_auto_install - Configure USB auto installation. type: dict
- auto_install_config - Enable/disable auto install the config in USB disk. type: str choices: enable, disable
- auto_install_image - Enable/disable auto install the image in USB disk. type: str choices: enable, disable
- default_config_file - Default config file name in USB disk. type: str
- default_image_file - Default image file name in USB disk. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure USB auto installation.
fortios_system_auto_install:
vdom: "{{ vdom }}"
system_auto_install:
auto_install_config: "enable"
auto_install_image: "enable"
default_config_file: "<your_own_value>"
default_image_file: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_auto_script – Configure auto script in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and auto_script category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_auto_script - Configure auto script. type: dict
- interval - Repeat interval in seconds. type: int
- name - Auto script name. type: str required: True
- output_size - Number of megabytes to limit script output to (10 - 1024). type: int
- repeat - Number of times to repeat this script (0 = infinite). type: int
- script - List of FortiOS CLI commands to repeat. type: str
- start - Script starting mode. type: str choices: manual, auto
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure auto script.
fortios_system_auto_script:
vdom: "{{ vdom }}"
state: "present"
system_auto_script:
interval: "3"
name: "default_name_4"
output_size: "5"
repeat: "6"
script: "<your_own_value>"
start: "manual"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_automation_action – Action for automation stitches in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_action category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_automation_action - Action for automation stitches. type: dict
- action_type - Action type. type: str choices: email, ios-notification, alert, disable-ssid, quarantine, quarantine-forticlient, ban-ip, aws-lambda, webhook
- aws_api_id - AWS API Gateway ID. type: str
- aws_api_key - AWS API Gateway API key. type: str
- aws_api_path - AWS API Gateway path. type: str
- aws_api_stage - AWS API Gateway deployment stage name. type: str
- aws_domain - AWS domain. type: str
- aws_region - AWS region. type: str
- delay - Delay before execution (in seconds). type: int
- email_subject - Email subject. type: str
- email_to - Email addresses. type: list
- name - Email address. type: str required: True
- headers - Request headers. type: list
- header - Request header. type: str required: True
- http_body - Request body (if necessary). Should be serialized json string. type: str
- method - Request method (GET, POST or PUT). type: str choices: post, put, get
- minimum_interval - Limit execution to no more than once in this interval (in seconds). type: int
- name - Name. type: str required: True
- port - Protocol port. type: int
- protocol - Request protocol. type: str choices: http, https
- required - Required in action chain. type: str choices: enable, disable
- uri - Request API URI. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Action for automation stitches.
fortios_system_automation_action:
vdom: "{{ vdom }}"
state: "present"
system_automation_action:
action_type: "email"
aws_api_id: "<your_own_value>"
aws_api_key: "<your_own_value>"
aws_api_path: "<your_own_value>"
aws_api_stage: "<your_own_value>"
aws_domain: "<your_own_value>"
aws_region: "<your_own_value>"
delay: "10"
email_subject: "<your_own_value>"
email_to:
-
name: "default_name_13"
headers:
-
header: "<your_own_value>"
http_body: "<your_own_value>"
method: "post"
minimum_interval: "18"
name: "default_name_19"
port: "20"
protocol: "http"
required: "enable"
uri: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_automation_destination – Automation destinations in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_destination category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_automation_destination - Automation destinations. type: dict
- destination - Destinations. type: list
- name - Destination. type: str required: True
- ha_group_id - Cluster group ID set for this destination . type: int
- name - Name. type: str required: True
- type - Destination type. type: str choices: fortigate, ha-cluster
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Automation destinations.
fortios_system_automation_destination:
vdom: "{{ vdom }}"
state: "present"
system_automation_destination:
destination:
-
name: "default_name_4"
ha_group_id: "5"
name: "default_name_6"
type: "fortigate"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_automation_stitch – Automation stitches in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_stitch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_automation_stitch - Automation stitches. type: dict
- action - Action names. type: list
- name - Action name. Source system.automation-action.name. type: str required: True
- destination - Serial number/HA group-name of destination devices. type: list
- name - Destination name. Source system.automation-destination.name. type: str required: True
- name - Name. type: str required: True
- status - Enable/disable this stitch. type: str choices: enable, disable
- trigger - Trigger name. Source system.automation-trigger.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Automation stitches.
fortios_system_automation_stitch:
vdom: "{{ vdom }}"
state: "present"
system_automation_stitch:
action:
-
name: "default_name_4 (source system.automation-action.name)"
destination:
-
name: "default_name_6 (source system.automation-destination.name)"
name: "default_name_7"
status: "enable"
trigger: "<your_own_value> (source system.automation-trigger.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_automation_trigger – Trigger for automation stitches in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and automation_trigger category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_automation_trigger - Trigger for automation stitches. type: dict
- event_type - Event type. type: str choices: ioc, event-log, reboot, low-memory, high-cpu, license-near-expiry, ha-failover, config-change, security-rating-summary, virus-ips-db-updated
- ioc_level - IOC threat level. type: str choices: medium, high
- license_type - License type. type: str choices: forticare-support, fortiguard-webfilter, fortiguard-antispam, fortiguard-antivirus, fortiguard-ips, fortiguard-management, forticloud
- logid - Log ID to trigger event. type: int
- name - Name. type: str required: True
- trigger_day - Day within a month to trigger. type: int
- trigger_frequency - Scheduled trigger frequency . type: str choices: hourly, daily, weekly, monthly
- trigger_hour - Hour of the day on which to trigger (0 - 23). type: int
- trigger_minute - Minute of the hour on which to trigger (0 - 59, 60 to randomize). type: int
- trigger_type - Trigger type. type: str choices: event-based, scheduled
- trigger_weekday - Day of week for trigger. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Trigger for automation stitches.
fortios_system_automation_trigger:
vdom: "{{ vdom }}"
state: "present"
system_automation_trigger:
event_type: "ioc"
ioc_level: "medium"
license_type: "forticare-support"
logid: "6"
name: "default_name_7"
trigger_day: "8"
trigger_frequency: "hourly"
trigger_hour: "10"
trigger_minute: "11"
trigger_type: "event-based"
trigger_weekday: "sunday"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_autoupdate_push_update – Configure push updates in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and push_update category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_autoupdate_push_update - Configure push updates. type: dict
- address - Push update override server. type: str
- override - Enable/disable push update override server. type: str choices: enable, disable
- port - Push update override port. (Do not overlap with other service ports) type: int
- status - Enable/disable push updates. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure push updates.
fortios_system_autoupdate_push_update:
vdom: "{{ vdom }}"
system_autoupdate_push_update:
address: "<your_own_value>"
override: "enable"
port: "5"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_autoupdate_schedule – Configure update schedule in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and schedule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_autoupdate_schedule - Configure update schedule. type: dict
- day - Update day. type: str choices: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
- frequency - Update frequency. type: str choices: every, daily, weekly
- status - Enable/disable scheduled updates. type: str choices: enable, disable
- time - Update time. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure update schedule.
fortios_system_autoupdate_schedule:
vdom: "{{ vdom }}"
system_autoupdate_schedule:
day: "Sunday"
frequency: "every"
status: "enable"
time: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_autoupdate_tunneling – Configure web proxy tunnelling for the FDN in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_autoupdate feature and tunneling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_autoupdate_tunneling - Configure web proxy tunnelling for the FDN. type: dict
- address - Web proxy IP address or FQDN. type: str
- password - Web proxy password. type: str
- port - Web proxy port. type: int
- status - Enable/disable web proxy tunnelling. type: str choices: enable, disable
- username - Web proxy username. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure web proxy tunnelling for the FDN.
fortios_system_autoupdate_tunneling:
vdom: "{{ vdom }}"
system_autoupdate_tunneling:
address: "<your_own_value>"
password: "<your_own_value>"
port: "5"
status: "enable"
username: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_central_management – Configure central management in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and central_management category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_central_management - Configure central management. type: dict
- allow_monitor - Enable/disable allowing the central management server to remotely monitor this FortiGate type: str choices: enable, disable
- allow_push_configuration - Enable/disable allowing the central management server to push configuration changes to this FortiGate. type: str choices: enable, disable
- allow_push_firmware - Enable/disable allowing the central management server to push firmware updates to this FortiGate. type: str choices: enable, disable
- allow_remote_firmware_upgrade - Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. type: str choices: enable, disable
- enc_algorithm - Encryption strength for communications between the FortiGate and central management. type: str choices: default, high, low
- fmg - IP address or FQDN of the FortiManager. type: str
- fmg_source_ip - IPv4 source address that this FortiGate uses when communicating with FortiManager. type: str
- fmg_source_ip6 - IPv6 source address that this FortiGate uses when communicating with FortiManager. type: str
- include_default_servers - Enable/disable inclusion of public FortiGuard servers in the override server list. type: str choices: enable, disable
- mode - Central management mode. type: str choices: normal, backup
- schedule_config_restore - Enable/disable allowing the central management server to restore the configuration of this FortiGate. type: str choices: enable, disable
- schedule_script_restore - Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. type: str choices: enable, disable
- serial_number - Serial number. type: str
- server_list - Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers. type: list
- addr_type - Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. type: str choices: ipv4, ipv6, fqdn
- fqdn - FQDN address of override server. type: str
- id - ID. type: int required: True
- server_address - IPv4 address of override server. type: str
- server_address6 - IPv6 address of override server. type: str
- server_type - FortiGuard service type. type: str choices: update, rating
- type - Central management type. type: str choices: fortimanager, fortiguard, none
- vdom - Virtual domain (VDOM) name to use when communicating with FortiManager. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure central management.
fortios_system_central_management:
vdom: "{{ vdom }}"
system_central_management:
allow_monitor: "enable"
allow_push_configuration: "enable"
allow_push_firmware: "enable"
allow_remote_firmware_upgrade: "enable"
enc_algorithm: "default"
fmg: "<your_own_value>"
fmg_source_ip: "<your_own_value>"
fmg_source_ip6: "<your_own_value>"
include_default_servers: "enable"
mode: "normal"
schedule_config_restore: "enable"
schedule_script_restore: "enable"
serial_number: "<your_own_value>"
server_list:
-
addr_type: "ipv4"
fqdn: "<your_own_value>"
id: "19"
server_address: "<your_own_value>"
server_address6: "<your_own_value>"
server_type: "update"
type: "fortimanager"
vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_cluster_sync – Configure FortiGate Session Life Support Protocol (FGSP) session synchronization in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and cluster_sync category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_cluster_sync - Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. type: dict
- down_intfs_before_sess_sync - List of interfaces to be turned down before session synchronization is complete. type: list
- name - Interface name. Source system.interface.name. type: str required: True
- hb_interval - Heartbeat interval (1 - 10 sec). type: int
- hb_lost_threshold - Lost heartbeat threshold (1 - 10). type: int
- peerip - IP address of the interface on the peer unit that is used for the session synchronization link. type: str
- peervd - VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. Source system.vdom.name. type: str
- session_sync_filter - Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize. type: dict
- custom_service - Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custome services. type: list
- dst_port_range - Custom service destination port range. type: str
- id - Custom service ID. type: int required: True
- src_port_range - Custom service source port range. type: str
- dstaddr - Only sessions to this IPv4 address are synchronized. You can only enter one address. To synchronize sessions for multiple destination addresses, add multiple filters. type: str
- dstaddr6 - Only sessions to this IPv6 address are synchronized. You can only enter one address. To synchronize sessions for multiple destination addresses, add multiple filters. type: str
- dstintf - Only sessions to this interface are synchronized. You can only enter one interface name. To synchronize sessions to multiple destination interfaces, add multiple filters. Source system.interface.name. type: str
- srcaddr - Only sessions from this IPv4 address are synchronized. You can only enter one address. To synchronize sessions from multiple source addresses, add multiple filters. type: str
- srcaddr6 - Only sessions from this IPv6 address are synchronized. You can only enter one address. To synchronize sessions from multiple source addresses, add multiple filters. type: str
- srcintf - Only sessions from this interface are synchronized. You can only enter one interface name. To synchronize sessions for multiple source interfaces, add multiple filters. Source system.interface.name. type: str
- slave_add_ike_routes - Enable/disable IKE route announcement on the backup unit. type: str choices: enable, disable
- sync_id - Sync ID. type: int
- syncvd - Sessions from these VDOMs are synchronized using this session synchronization configuration. type: list
- name - VDOM name. Source system.vdom.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization.
fortios_system_cluster_sync:
vdom: "{{ vdom }}"
state: "present"
system_cluster_sync:
down_intfs_before_sess_sync:
-
name: "default_name_4 (source system.interface.name)"
hb_interval: "5"
hb_lost_threshold: "6"
peerip: "<your_own_value>"
peervd: "<your_own_value> (source system.vdom.name)"
session_sync_filter:
custom_service:
-
dst_port_range: "<your_own_value>"
id: "12"
src_port_range: "<your_own_value>"
dstaddr: "<your_own_value>"
dstaddr6: "<your_own_value>"
dstintf: "<your_own_value> (source system.interface.name)"
srcaddr: "<your_own_value>"
srcaddr6: "<your_own_value>"
srcintf: "<your_own_value> (source system.interface.name)"
slave_add_ike_routes: "enable"
sync_id: "21"
syncvd:
-
name: "default_name_23 (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_console – Configure console in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and console category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_console - Configure console. type: dict
- baudrate - Console baud rate. type: str choices: 9600, 19200, 38400, 57600, 115200
- login - Enable/disable serial console and FortiExplorer. type: str choices: enable, disable
- mode - Console mode. type: str choices: batch, line
- output - Console output mode. type: str choices: standard, more
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure console.
fortios_system_console:
vdom: "{{ vdom }}"
system_console:
baudrate: "9600"
login: "enable"
mode: "batch"
output: "standard"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_csf – Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and csf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_csf - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. type: dict
- configuration_sync - Configuration sync mode. type: str choices: default, local
- fabric_device - Fabric device configuration. type: list
- device_ip - Device IP. type: str
- device_type - Device type. type: str choices: fortimail
- login - Device login name. type: str
- name - Device name. type: str required: True
- password - Device login password. type: str
- fixed_key - Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) type: str
- group_name - Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. type: str
- group_password - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. type: str
- management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str
- management_port - Overriding port for management connection (Overrides admin port). type: int
- status - Enable/disable Security Fabric. type: str choices: enable, disable
- trusted_list - Pre-authorized and blocked security fabric nodes. type: list
- action - Security fabric authorization action. type: str choices: accept, deny
- downstream_authorization - Trust authorizations by this node"s administrator. type: str choices: enable, disable
- ha_members - HA members. type: str
- serial - Serial. type: str required: True
- upstream_ip - IP address of the FortiGate upstream from this FortiGate in the Security Fabric. type: str
- upstream_port - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
fortios_system_csf:
vdom: "{{ vdom }}"
system_csf:
configuration_sync: "default"
fabric_device:
-
device_ip: "<your_own_value>"
device_type: "fortimail"
login: "<your_own_value>"
name: "default_name_8"
password: "<your_own_value>"
fixed_key: "<your_own_value>"
group_name: "<your_own_value>"
group_password: "<your_own_value>"
management_ip: "<your_own_value>"
management_port: "14"
status: "enable"
trusted_list:
-
action: "accept"
downstream_authorization: "enable"
ha_members: "<your_own_value>"
serial: "<your_own_value>"
upstream_ip: "<your_own_value>"
upstream_port: "22"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_custom_language – Configure custom languages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and custom_language category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_custom_language - Configure custom languages. type: dict
- comments - Comment. type: str
- filename - Custom language file path. type: str
- name - Name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure custom languages.
fortios_system_custom_language:
vdom: "{{ vdom }}"
state: "present"
system_custom_language:
comments: "<your_own_value>"
filename: "<your_own_value>"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ddns – Configure DDNS in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ddns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ddns - Configure DDNS. type: dict
- bound_ip - Bound IP address. type: str
- clear_text - Enable/disable use of clear text connections. type: str choices: disable, enable
- ddns_auth - Enable/disable TSIG authentication for your DDNS server. type: str choices: disable, tsig
- ddns_domain - Your fully qualified domain name (for example, yourname.DDNS.com). type: str
- ddns_key - DDNS update key (base 64 encoding). type: str
- ddns_keyname - DDNS update key name. type: str
- ddns_password - DDNS password. type: str
- ddns_server - Select a DDNS service provider. type: str choices: dyndns.org, dyns.net, tzo.com, vavic.com, dipdns.net, now.net.cn, dhs.org, easydns.com, genericDDNS, FortiGuardDDNS, noip.com
- ddns_server_ip - Generic DDNS server IP. type: str
- ddns_sn - DDNS Serial Number. type: str
- ddns_ttl - Time-to-live for DDNS packets. type: int
- ddns_username - DDNS user name. type: str
- ddns_zone - Zone of your domain name (for example, DDNS.com). type: str
- ddnsid - DDNS ID. type: int required: True
- monitor_interface - Monitored interface. type: list
- interface_name - Interface name. Source system.interface.name. type: str
- ssl_certificate - Name of local certificate for SSL connections. Source certificate.local.name. type: str
- update_interval - DDNS update interval (60 - 2592000 sec). type: int
- use_public_ip - Enable/disable use of public IP address. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DDNS.
fortios_system_ddns:
vdom: "{{ vdom }}"
state: "present"
system_ddns:
bound_ip: "<your_own_value>"
clear_text: "disable"
ddns_auth: "disable"
ddns_domain: "<your_own_value>"
ddns_key: "<your_own_value>"
ddns_keyname: "<your_own_value>"
ddns_password: "<your_own_value>"
ddns_server: "dyndns.org"
ddns_server_ip: "<your_own_value>"
ddns_sn: "<your_own_value>"
ddns_ttl: "13"
ddns_username: "<your_own_value>"
ddns_zone: "<your_own_value>"
ddnsid: "16"
monitor_interface:
-
interface_name: "<your_own_value> (source system.interface.name)"
ssl_certificate: "<your_own_value> (source certificate.local.name)"
update_interval: "20"
use_public_ip: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dedicated_mgmt – Configure dedicated management in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dedicated_mgmt category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_dedicated_mgmt - Configure dedicated management. type: dict
- default_gateway - Default gateway for dedicated management interface. type: str
- dhcp_end_ip - DHCP end IP for dedicated management. type: str
- dhcp_netmask - DHCP netmask. type: str
- dhcp_server - Enable/disable DHCP server on management interface. type: str choices: enable, disable
- dhcp_start_ip - DHCP start IP for dedicated management. type: str
- interface - Dedicated management interface. Source system.interface.name. type: str
- status - Enable/disable dedicated management. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure dedicated management.
fortios_system_dedicated_mgmt:
vdom: "{{ vdom }}"
system_dedicated_mgmt:
default_gateway: "<your_own_value>"
dhcp_end_ip: "<your_own_value>"
dhcp_netmask: "<your_own_value>"
dhcp_server: "enable"
dhcp_start_ip: "<your_own_value>"
interface: "<your_own_value> (source system.interface.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dhcp6_server – Configure DHCPv6 servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_dhcp6 feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_dhcp6_server - Configure DHCPv6 servers. type: dict
- dns_search_list - DNS search list options. type: str choices: delegated, specify
- dns_server1 - DNS server 1. type: str
- dns_server2 - DNS server 2. type: str
- dns_server3 - DNS server 3. type: str
- dns_service - Options for assigning DNS servers to DHCPv6 clients. type: str choices: delegated, default, specify
- domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str
- id - ID. type: int required: True
- interface - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. type: str
- ip_mode - Method used to assign client IP. type: str choices: range, delegated
- ip_range - DHCP IP range configuration. type: list
- end_ip - End of IP range. type: str
- id - ID. type: int required: True
- start_ip - Start of IP range. type: str
- lease_time - Lease time in seconds, 0 means unlimited. type: int
- option1 - Option 1. type: str
- option2 - Option 2. type: str
- option3 - Option 3. type: str
- prefix_range - DHCP prefix configuration. type: list
- end_prefix - End of prefix range. type: str
- id - ID. type: int required: True
- prefix_length - Prefix length. type: int
- start_prefix - Start of prefix range. type: str
- rapid_commit - Enable/disable allow/disallow rapid commit. type: str choices: disable, enable
- status - Enable/disable this DHCPv6 configuration. type: str choices: disable, enable
- subnet - Subnet or subnet-id if the IP mode is delegated. type: str
- upstream_interface - Interface name from where delegated information is provided. Source system.interface.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DHCPv6 servers.
fortios_system_dhcp6_server:
vdom: "{{ vdom }}"
state: "present"
system_dhcp6_server:
dns_search_list: "delegated"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_server3: "<your_own_value>"
dns_service: "delegated"
domain: "<your_own_value>"
id: "9"
interface: "<your_own_value> (source system.interface.name)"
ip_mode: "range"
ip_range:
-
end_ip: "<your_own_value>"
id: "14"
start_ip: "<your_own_value>"
lease_time: "16"
option1: "<your_own_value>"
option2: "<your_own_value>"
option3: "<your_own_value>"
prefix_range:
-
end_prefix: "<your_own_value>"
id: "22"
prefix_length: "23"
start_prefix: "<your_own_value>"
rapid_commit: "disable"
status: "disable"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dhcp_server – Configure DHCP servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_dhcp feature and server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_dhcp_server - Configure DHCP servers. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- auto_configuration - Enable/disable auto configuration. type: str choices: disable, enable
- conflicted_ip_timeout - Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. type: int
- ddns_auth - DDNS authentication mode. type: str choices: disable, tsig
- ddns_key - DDNS update key (base 64 encoding). type: str
- ddns_keyname - DDNS update key name. type: str
- ddns_server_ip - DDNS server IP. type: str
- ddns_ttl - TTL. type: int
- ddns_update - Enable/disable DDNS update for DHCP. type: str choices: disable, enable
- ddns_update_override - Enable/disable DDNS update override for DHCP. type: str choices: disable, enable
- ddns_zone - Zone of your domain name (ex. DDNS.com). type: str
- default_gateway - Default gateway IP address assigned by the DHCP server. type: str
- dns_server1 - DNS server 1. type: str
- dns_server2 - DNS server 2. type: str
- dns_server3 - DNS server 3. type: str
- dns_service - Options for assigning DNS servers to DHCP clients. type: str choices: local, default, specify
- domain - Domain name suffix for the IP addresses that the DHCP server assigns to clients. type: str
- exclude_range - Exclude one or more ranges of IP addresses from being assigned to clients. type: list
- end_ip - End of IP range. type: str
- id - ID. type: int required: True
- start_ip - Start of IP range. type: str
- filename - Name of the boot file on the TFTP server. type: str
- forticlient_on_net_status - Enable/disable FortiClient-On-Net service for this DHCP server. type: str choices: disable, enable
- id - ID. type: int required: True
- interface - DHCP server can assign IP configurations to clients connected to this interface. Source system.interface.name. type: str
- ip_mode - Method used to assign client IP. type: str choices: range, usrgrp
- ip_range - DHCP IP range configuration. type: list
- end_ip - End of IP range. type: str
- id - ID. type: int required: True
- start_ip - Start of IP range. type: str
- ipsec_lease_hold - DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). type: int
- lease_time - Lease time in seconds, 0 means unlimited. type: int
- mac_acl_default_action - MAC access control default action (allow or block assigning IP settings). type: str choices: assign, block
- netmask - Netmask assigned by the DHCP server. type: str
- next_server - IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. type: str
- ntp_server1 - NTP server 1. type: str
- ntp_server2 - NTP server 2. type: str
- ntp_server3 - NTP server 3. type: str
- ntp_service - Options for assigning Network Time Protocol (NTP) servers to DHCP clients. type: str choices: local, default, specify
- options - DHCP options. type: list
- code - DHCP option code. type: int
- id - ID. type: int required: True
- ip - DHCP option IPs. type: str
- type - DHCP option type. type: str choices: hex, string, ip, fqdn
- value - DHCP option value. type: str
- reserved_address - Options for the DHCP server to assign IP settings to specific MAC addresses. type: list
- action - Options for the DHCP server to configure the client with the reserved MAC address. type: str choices: assign, block, reserved
- description - Description. type: str
- id - ID. type: int required: True
- ip - IP address to be reserved for the MAC address. type: str
- mac - MAC address of the client that will get the reserved IP address. type: str
- server_type - DHCP server can be a normal DHCP server or an IPsec DHCP server. type: str choices: regular, ipsec
- status - Enable/disable this DHCP configuration. type: str choices: disable, enable
- tftp_server - One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. type: list
- tftp_server - TFTP server. type: str
- timezone - Select the time zone to be assigned to DHCP clients. type: str choices: 1, 2, 3, 4, 5, 81, 6, 7, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 41, 42, 43, 39, 44, 46, 47, 51, 48, 45, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 61, 64, 65, 66, 67, 68, 69, 70, 71, 72, 0, 82, 73, 86, 76
- timezone_option - Options for the DHCP server to set the client"s time zone. type: str choices: disable, default, specify
- vci_match - Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. type: str choices: disable, enable
- vci_string - One or more VCI strings in quotes separated by spaces. type: list
- vci_string - VCI strings. type: str
- wifi_ac1 - WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). type: str
- wifi_ac2 - WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). type: str
- wifi_ac3 - WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). type: str
- wins_server1 - WINS server 1. type: str
- wins_server2 - WINS server 2. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DHCP servers.
fortios_system_dhcp_server:
vdom: "{{ vdom }}"
state: "present"
system_dhcp_server:
auto_configuration: "disable"
conflicted_ip_timeout: "4"
ddns_auth: "disable"
ddns_key: "<your_own_value>"
ddns_keyname: "<your_own_value>"
ddns_server_ip: "<your_own_value>"
ddns_ttl: "9"
ddns_update: "disable"
ddns_update_override: "disable"
ddns_zone: "<your_own_value>"
default_gateway: "<your_own_value>"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_server3: "<your_own_value>"
dns_service: "local"
domain: "<your_own_value>"
exclude_range:
-
end_ip: "<your_own_value>"
id: "21"
start_ip: "<your_own_value>"
filename: "<your_own_value>"
forticlient_on_net_status: "disable"
id: "25"
interface: "<your_own_value> (source system.interface.name)"
ip_mode: "range"
ip_range:
-
end_ip: "<your_own_value>"
id: "30"
start_ip: "<your_own_value>"
ipsec_lease_hold: "32"
lease_time: "33"
mac_acl_default_action: "assign"
netmask: "<your_own_value>"
next_server: "<your_own_value>"
ntp_server1: "<your_own_value>"
ntp_server2: "<your_own_value>"
ntp_server3: "<your_own_value>"
ntp_service: "local"
options:
-
code: "42"
id: "43"
ip: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
reserved_address:
-
action: "assign"
description: "<your_own_value>"
id: "50"
ip: "<your_own_value>"
mac: "<your_own_value>"
server_type: "regular"
status: "disable"
tftp_server:
-
tftp_server: "<your_own_value>"
timezone: "01"
timezone_option: "disable"
vci_match: "disable"
vci_string:
-
vci_string: "<your_own_value>"
wifi_ac1: "<your_own_value>"
wifi_ac2: "<your_own_value>"
wifi_ac3: "<your_own_value>"
wins_server1: "<your_own_value>"
wins_server2: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dns – Configure DNS in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_dns - Configure DNS. type: dict
- cache_notfound_responses - Enable/disable response from the DNS server when a record is not in cache. type: str choices: disable, enable
- dns_cache_limit - Maximum number of records in the DNS cache. type: int
- dns_cache_ttl - Duration in seconds that the DNS cache retains information. type: int
- domain - Search suffix list for hostname lookup. type: list
- domain - DNS search domain list separated by space (maximum 8 domains) type: str required: True
- ip6_primary - Primary DNS server IPv6 address. type: str
- ip6_secondary - Secondary DNS server IPv6 address. type: str
- primary - Primary DNS server IP address. type: str
- retry - Number of times to retry (0 - 5). type: int
- secondary - Secondary DNS server IP address. type: str
- source_ip - IP address used by the DNS server as its source IP. type: str
- timeout - DNS query timeout interval in seconds (1 - 10). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS.
fortios_system_dns:
vdom: "{{ vdom }}"
system_dns:
cache_notfound_responses: "disable"
dns_cache_limit: "4"
dns_cache_ttl: "5"
domain:
-
domain: "<your_own_value>"
ip6_primary: "<your_own_value>"
ip6_secondary: "<your_own_value>"
primary: "<your_own_value>"
retry: "11"
secondary: "<your_own_value>"
source_ip: "84.230.14.43"
timeout: "14"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dns_database – Configure DNS databases in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns_database category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_dns_database - Configure DNS databases. type: dict
- allow_transfer - DNS zone transfer IP address list. type: str
- authoritative - Enable/disable authoritative zone. type: str choices: enable, disable
- contact - Email address of the administrator for this zone. You can specify only the username (e.g. admin) or full email address (e.g. admin@test .com) When using a simple username, the domain of the email will be this zone. type: str
- dns_entry - DNS entry. type: list
- canonical_name - Canonical name of the host. type: str
- hostname - Name of the host. type: str
- id - DNS entry ID. type: int required: True
- ip - IPv4 address of the host. type: str
- ipv6 - IPv6 address of the host. type: str
- preference - DNS entry preference, 0 is the highest preference (0 - 65535) type: int
- status - Enable/disable resource record status. type: str choices: enable, disable
- ttl - Time-to-live for this entry (0 to 2147483647 sec). type: int
- type - Resource record type. type: str choices: A, NS, CNAME, MX, AAAA, PTR, PTR_V6
- domain - Domain name. type: str
- forwarder - DNS zone forwarder IP address list. type: str
- ip_master - IP address of master DNS server. Entries in this master DNS server and imported into the DNS zone. type: str
- name - Zone name. type: str required: True
- primary_name - Domain name of the default DNS server for this zone. type: str
- source_ip - Source IP for forwarding to DNS server. type: str
- status - Enable/disable this DNS zone. type: str choices: enable, disable
- ttl - Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec). type: int
- type - Zone type (master to manage entries directly, slave to import entries from other zones). type: str choices: master, slave
- view - Zone view (public to serve public clients, shadow to serve internal clients). type: str choices: shadow, public
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS databases.
fortios_system_dns_database:
vdom: "{{ vdom }}"
state: "present"
system_dns_database:
allow_transfer: "<your_own_value>"
authoritative: "enable"
contact: "<your_own_value>"
dns_entry:
-
canonical_name: "<your_own_value>"
hostname: "myhostname"
id: "9"
ip: "<your_own_value>"
ipv6: "<your_own_value>"
preference: "12"
status: "enable"
ttl: "14"
type: "A"
domain: "<your_own_value>"
forwarder: "<your_own_value>"
ip_master: "<your_own_value>"
name: "default_name_19"
primary_name: "<your_own_value>"
source_ip: "84.230.14.43"
status: "enable"
ttl: "23"
type: "master"
view: "shadow"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dns_server – Configure DNS servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dns_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_dns_server - Configure DNS servers. type: dict
- dnsfilter_profile - DNS filter profile. Source dnsfilter.profile.name. type: str
- mode - DNS server mode. type: str choices: recursive, non-recursive, forward-only
- name - DNS server name. Source system.interface.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS servers.
fortios_system_dns_server:
vdom: "{{ vdom }}"
state: "present"
system_dns_server:
dnsfilter_profile: "<your_own_value> (source dnsfilter.profile.name)"
mode: "recursive"
name: "default_name_5 (source system.interface.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_dscp_based_priority – Configure DSCP based priority table in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and dscp_based_priority category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_dscp_based_priority - Configure DSCP based priority table. type: dict
- ds - DSCP(DiffServ) DS value (0 - 63). type: int
- id - Item ID. type: int required: True
- priority - DSCP based priority level. type: str choices: low, medium, high
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DSCP based priority table.
fortios_system_dscp_based_priority:
vdom: "{{ vdom }}"
state: "present"
system_dscp_based_priority:
ds: "3"
id: "4"
priority: "low"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_email_server – Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and email_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_email_server - Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication features. type: dict
- authenticate - Enable/disable authentication. type: str choices: enable, disable
- password - SMTP server user password for authentication. type: str
- port - SMTP server port. type: int
- reply_to - Reply-To email address. type: str
- security - Connection security used by the email server. type: str choices: none, starttls, smtps
- server - SMTP server IP address or hostname. type: str
- source_ip - SMTP server IPv4 source IP. type: str
- source_ip6 - SMTP server IPv6 source IP. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- type - Use FortiGuard Message service or custom email server. type: str choices: custom
- username - SMTP server user name for authentication. type: str
- validate_server - Enable/disable validation of server certificate. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure the email server used by the FortiGate various things. For example, for sending email messages to users to support user authentication
features.
fortios_system_email_server:
vdom: "{{ vdom }}"
system_email_server:
authenticate: "enable"
password: "<your_own_value>"
port: "5"
reply_to: "<your_own_value>"
security: "none"
server: "192.168.100.40"
source_ip: "84.230.14.43"
source_ip6: "<your_own_value>"
ssl_min_proto_version: "default"
type: "custom"
username: "<your_own_value>"
validate_server: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_external_resource – Configure external resource in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and external_resource category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_external_resource - Configure external resource. type: dict
- category - User resource category. type: int
- comments - Comment. type: str
- name - External resource name. type: str required: True
- refresh_rate - Time interval to refresh external resource (1 - 43200 min). type: int
- resource - URI of external resource. type: str
- status - Enable/disable user resource. type: str choices: enable, disable
- type - User resource type. type: str choices: category, address, domain
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure external resource.
fortios_system_external_resource:
vdom: "{{ vdom }}"
state: "present"
system_external_resource:
category: "3"
comments: "<your_own_value>"
name: "default_name_5"
refresh_rate: "6"
resource: "<your_own_value>"
status: "enable"
type: "category"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fips_cc – Configure FIPS-CC mode in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fips_cc category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fips_cc - Configure FIPS-CC mode. type: dict
- entropy_token - Enable/disable/dynamic entropy token. type: str choices: enable, disable, dynamic
- key_generation_self_test - Enable/disable self tests after key generation. type: str choices: enable, disable
- self_test_period - Self test period. type: int
- status - Enable/disable FIPS-CC mode. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FIPS-CC mode.
fortios_system_fips_cc:
vdom: "{{ vdom }}"
system_fips_cc:
entropy_token: "enable"
key_generation_self_test: "enable"
self_test_period: "5"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fm – Configure FM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fm - Configure FM. type: dict
- auto_backup - Enable/disable automatic backup. type: str choices: enable, disable
- id - ID. type: str
- ip - IP address. type: str
- ipsec - Enable/disable IPsec. type: str choices: enable, disable
- scheduled_config_restore - Enable/disable scheduled configuration restore. type: str choices: enable, disable
- status - Enable/disable FM. type: str choices: enable, disable
- vdom - VDOM. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FM.
fortios_system_fm:
vdom: "{{ vdom }}"
system_fm:
auto_backup: "enable"
id: "4"
ip: "<your_own_value>"
ipsec: "enable"
scheduled_config_restore: "enable"
status: "enable"
vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fortiguard – Configure FortiGuard services in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortiguard category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fortiguard - Configure FortiGuard services. type: dict
- antispam_cache - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. type: str choices: enable, disable
- antispam_cache_mpercent - Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). type: int
- antispam_cache_ttl - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. type: int
- antispam_expiration - Expiration date of the FortiGuard antispam contract. type: int
- antispam_force_off - Enable/disable turning off the FortiGuard antispam service. type: str choices: enable, disable
- antispam_license - Interval of time between license checks for the FortiGuard antispam contract. type: int
- antispam_timeout - Antispam query time out (1 - 30 sec). type: int
- auto_join_forticloud - Automatically connect to and login to FortiCloud. type: str choices: enable, disable
- ddns_server_ip - IP address of the FortiDDNS server. type: str
- ddns_server_port - Port used to communicate with FortiDDNS servers. type: int
- load_balance_servers - Number of servers to alternate between as first FortiGuard option. type: int
- outbreak_prevention_cache - Enable/disable FortiGuard Virus Outbreak Prevention cache. type: str choices: enable, disable
- outbreak_prevention_cache_mpercent - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%). type: int
- outbreak_prevention_cache_ttl - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec). type: int
- outbreak_prevention_expiration - Expiration date of FortiGuard Virus Outbreak Prevention contract. type: int
- outbreak_prevention_force_off - Turn off FortiGuard Virus Outbreak Prevention service. type: str choices: enable, disable
- outbreak_prevention_license - Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. type: int
- outbreak_prevention_timeout - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec). type: int
- port - Port used to communicate with the FortiGuard servers. type: str choices: 53, 8888, 80
- sdns_server_ip - IP address of the FortiDNS server. type: str
- sdns_server_port - Port used to communicate with FortiDNS servers. type: int
- service_account_id - Service account ID. type: str
- source_ip - Source IPv4 address used to communicate with FortiGuard. type: str
- source_ip6 - Source IPv6 address used to communicate with FortiGuard. type: str
- update_server_location - Signature update server location. type: str choices: usa, any
- webfilter_cache - Enable/disable FortiGuard web filter caching. type: str choices: enable, disable
- webfilter_cache_ttl - Time-to-live for web filter cache entries in seconds (300 - 86400). type: int
- webfilter_expiration - Expiration date of the FortiGuard web filter contract. type: int
- webfilter_force_off - Enable/disable turning off the FortiGuard web filtering service. type: str choices: enable, disable
- webfilter_license - Interval of time between license checks for the FortiGuard web filter contract. type: int
- webfilter_timeout - Web filter query time out (1 - 30 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGuard services.
fortios_system_fortiguard:
vdom: "{{ vdom }}"
system_fortiguard:
antispam_cache: "enable"
antispam_cache_mpercent: "4"
antispam_cache_ttl: "5"
antispam_expiration: "6"
antispam_force_off: "enable"
antispam_license: "8"
antispam_timeout: "9"
auto_join_forticloud: "enable"
ddns_server_ip: "<your_own_value>"
ddns_server_port: "12"
load_balance_servers: "13"
outbreak_prevention_cache: "enable"
outbreak_prevention_cache_mpercent: "15"
outbreak_prevention_cache_ttl: "16"
outbreak_prevention_expiration: "17"
outbreak_prevention_force_off: "enable"
outbreak_prevention_license: "19"
outbreak_prevention_timeout: "20"
port: "53"
sdns_server_ip: "<your_own_value>"
sdns_server_port: "23"
service_account_id: "<your_own_value>"
source_ip: "84.230.14.43"
source_ip6: "<your_own_value>"
update_server_location: "usa"
webfilter_cache: "enable"
webfilter_cache_ttl: "29"
webfilter_expiration: "30"
webfilter_force_off: "enable"
webfilter_license: "32"
webfilter_timeout: "33"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fortimanager – Configure FortiManager in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortimanager category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fortimanager - Configure FortiManager. type: dict
- central_management - Enable/disable FortiManager central management. type: str choices: enable, disable
- central_mgmt_auto_backup - Enable/disable central management auto backup. type: str choices: enable, disable
- central_mgmt_schedule_config_restore - Enable/disable central management schedule config restore. type: str choices: enable, disable
- central_mgmt_schedule_script_restore - Enable/disable central management schedule script restore. type: str choices: enable, disable
- ip - IP address. type: str
- ipsec - Enable/disable FortiManager IPsec tunnel. type: str choices: enable, disable
- vdom - Virtual domain name. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiManager.
fortios_system_fortimanager:
vdom: "{{ vdom }}"
system_fortimanager:
central_management: "enable"
central_mgmt_auto_backup: "enable"
central_mgmt_schedule_config_restore: "enable"
central_mgmt_schedule_script_restore: "enable"
ip: "<your_own_value>"
ipsec: "enable"
vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fortisandbox – Configure FortiSandbox in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortisandbox category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fortisandbox - Configure FortiSandbox. type: dict
- email - Notifier email address. type: str
- enc_algorithm - Configure the level of SSL protection for secure communication with FortiSandbox. type: str choices: default, high, low
- server - IPv4 or IPv6 address of the remote FortiSandbox. type: str
- source_ip - Source IP address for communications to FortiSandbox. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- status - Enable/disable FortiSandbox. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiSandbox.
fortios_system_fortisandbox:
vdom: "{{ vdom }}"
system_fortisandbox:
email: "<your_own_value>"
enc_algorithm: "default"
server: "192.168.100.40"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_fsso_polling – Configure Fortinet Single Sign On (FSSO) server in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fsso_polling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_fsso_polling - Configure Fortinet Single Sign On (FSSO) server. type: dict
- auth_password - Password to connect to FSSO Agent. type: str
- authentication - Enable/disable FSSO Agent Authentication. type: str choices: enable, disable
- listening_port - Listening port to accept clients (1 - 65535). type: int
- status - Enable/disable FSSO Polling Mode. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Fortinet Single Sign On (FSSO) server.
fortios_system_fsso_polling:
vdom: "{{ vdom }}"
system_fsso_polling:
auth_password: "<your_own_value>"
authentication: "enable"
listening_port: "5"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ftm_push – Configure FortiToken Mobile push services in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ftm_push category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_ftm_push - Configure FortiToken Mobile push services. type: dict
- server_ip - IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx). type: str
- server_port - Port to communicate with FortiToken Mobile push services server (1 - 65535). type: int
- status - Enable/disable the use of FortiToken Mobile push services. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiToken Mobile push services.
fortios_system_ftm_push:
vdom: "{{ vdom }}"
system_ftm_push:
server_ip: "<your_own_value>"
server_port: "4"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_geoip_override – Configure geographical location mapping for IP address(es) to override mappings from FortiGuard in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and geoip_override category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_geoip_override - Configure geographical location mapping for IP address(es) to override mappings from FortiGuard. type: dict
- country_id - Two character Country ID code. type: str
- description - Description. type: str
- ip_range - Table of IP ranges assigned to country. type: list
- end_ip - Final IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx). type: str
- id - ID number for individual entry in the IP-Range table. type: int required: True
- start_ip - Starting IP address, inclusive, of the address range (format: xxx.xxx.xxx.xxx). type: str
- name - Location name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure geographical location mapping for IP address(es) to override mappings from FortiGuard.
fortios_system_geoip_override:
vdom: "{{ vdom }}"
state: "present"
system_geoip_override:
country_id: "<your_own_value>"
description: "<your_own_value>"
ip_range:
-
end_ip: "<your_own_value>"
id: "7"
start_ip: "<your_own_value>"
name: "default_name_9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_global – Configure global attributes in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_global - Configure global attributes. type: dict
- admin_concurrent - Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.) type: str choices: enable, disable
- admin_console_timeout - Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout. type: int
- admin_hsts_max_age - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0. type: int
- admin_https_pki_required - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str choices: enable, disable
- admin_https_redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: enable, disable
- admin_https_ssl_versions - Allowed TLS versions for web administration. type: list choices: tlsv1-0, tlsv1-1, tlsv1-2
- admin_lockout_duration - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int
- admin_lockout_threshold - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int
- admin_login_max - Maximum number of administrators who can be logged in at the same time (1 - 100) type: int
- admin_maintainer - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str choices: enable, disable
- admin_port - Administrative access port for HTTP. (1 - 65535). type: int
- admin_restrict_local - Enable/disable local admin authentication restriction when remote authenticator is up and running. type: str choices: enable, disable
- admin_scp - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. type: str choices: enable, disable
- admin_server_cert - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str
- admin_sport - Administrative access port for HTTPS. (1 - 65535). type: int
- admin_ssh_grace_time - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int
- admin_ssh_password - Enable/disable password authentication for SSH admin access. type: str choices: enable, disable
- admin_ssh_port - Administrative access port for SSH. (1 - 65535). type: int
- admin_ssh_v1 - Enable/disable SSH v1 compatibility. type: str choices: enable, disable
- admin_telnet_port - Administrative access port for TELNET. (1 - 65535). type: int
- admintimeout - Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int
- alias - Alias for your FortiGate unit. type: str
- allow_traffic_redirect - Disable to allow traffic to be routed back on a different interface. type: str choices: enable, disable
- anti_replay - Level of checking for packet replay and TCP sequence checking. type: str choices: disable, loose, strict
- arp_max_entry - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int
- asymroute - Enable/disable asymmetric route. type: str choices: enable, disable
- auth_cert - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str
- auth_http_port - User authentication HTTP port. (1 - 65535). type: int
- auth_https_port - User authentication HTTPS port. (1 - 65535). type: int
- auth_keepalive - Enable to prevent user authentication sessions from timing out when idle. type: str choices: enable, disable
- auth_session_limit - Action to take when the number of allowed user authenticated sessions is reached. type: str choices: block-new, logout-inactive
- auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str choices: enable, disable
- av_affinity - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- av_failopen - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str choices: pass, False, one-shot
- av_failopen_session - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: enable, disable
- batch_cmdb - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str choices: enable, disable
- block_session_timer - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int
- br_fdb_max_entry - Maximum number of bridge forwarding database (FDB) entries. type: int
- cert_chain_max - Maximum number of certificates that can be traversed in a certificate chain. type: int
- cfg_revert_timeout - Time-out for reverting to the last saved configuration. type: int
- cfg_save - Configuration file save mode for CLI changes. type: str choices: automatic, manual, revert
- check_protocol_header - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. type: str choices: loose, strict
- check_reset_range - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str choices: strict, disable
- cli_audit_log - Enable/disable CLI audit log. type: str choices: enable, disable
- clt_cert_req - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str choices: enable, disable
- compliance_check - Enable/disable global PCI DSS compliance check. type: str choices: enable, disable
- compliance_check_time - Time of day to run scheduled PCI DSS compliance checks. type: str
- cpu_use_threshold - Threshold at which CPU usage is reported. (% of total CPU). type: int
- csr_ca_attribute - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str choices: enable, disable
- daily_restart - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str choices: enable, disable
- device_identification_active_scan_delay - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int
- device_idle_timeout - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int
- dh_params - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str choices: 1024, 1536, 2048, 3072, 4096, 6144, 8192
- dnsproxy_worker_count - DNS proxy worker count. type: int
- dst - Enable/disable daylight saving time. type: str choices: enable, disable
- endpoint_control_fds_access - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str choices: enable, disable
- endpoint_control_portal_port - Endpoint control portal port (1 - 65535). type: int
- failtime - Fail-time for server lost. type: int
- fds_statistics - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet"s privacy policy. type: str choices: enable, disable
- fds_statistics_period - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int
- fgd_alert_subscription - Type of alert to retrieve from FortiGuard. type: list choices: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db
- fortiextender - Enable/disable FortiExtender. type: str choices: enable, disable
- fortiextender_data_port - FortiExtender data port (1024 - 49150). type: int
- fortiextender_vlan_mode - Enable/disable FortiExtender VLAN mode. type: str choices: enable, disable
- fortiservice_port - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int
- gui_certificates - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str choices: enable, disable
- gui_custom_language - Enable/disable custom languages in GUI. type: str choices: enable, disable
- gui_date_format - Default date format used throughout GUI. type: str choices: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy
- gui_device_latitude - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str
- gui_device_longitude - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str
- gui_display_hostname - Enable/disable displaying the FortiGate"s hostname on the GUI login page. type: str choices: enable, disable
- gui_ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: enable, disable
- gui_lines_per_page - Number of lines to display per page for web administration. type: int
- gui_theme - Color scheme for the administration GUI. type: str choices: green, red, blue, melongene, mariner
- gui_wireless_opensecurity - Enable/disable wireless open security option on the GUI. type: str choices: enable, disable
- honor_df - Enable/disable honoring of Don"t-Fragment (DF) flag. type: str choices: enable, disable
- hostname - FortiGate unit"s hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str
- igmp_state_limit - Maximum number of IGMP memberships (96 - 64000). type: int
- interval - Dead gateway detection interval. type: int
- ip_src_port_range - IP source port range used for traffic originating from the FortiGate unit. type: str
- ips_affinity - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str
- ipsec_asic_offload - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str choices: enable, disable
- ipsec_hmac_offload - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str choices: enable, disable
- ipsec_soft_dec_async - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str choices: enable, disable
- ipv6_accept_dad - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int
- ipv6_allow_anycast_probe - Enable/disable IPv6 address probe through Anycast. type: str choices: enable, disable
- language - GUI display language. type: str choices: english, french, spanish, portuguese, japanese, trach, simch, korean
- ldapconntimeout - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int
- lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable
- log_ssl_connection - Enable/disable logging of SSL connection events. type: str choices: enable, disable
- log_uuid - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str choices: disable, policy-only, extended
- login_timestamp - Enable/disable login time recording. type: str choices: enable, disable
- long_vdom_name - Enable/disable long VDOM name support. type: str choices: enable, disable
- management_vdom - Management virtual domain name. Source system.vdom.name. type: str
- max_dlpstat_memory - Maximum DLP stat memory (0 - 4294967295). type: int
- max_route_cache_size - Maximum number of IP route cache entries (0 - 2147483647). type: int
- mc_ttl_notchange - Enable/disable no modification of multicast TTL. type: str choices: enable, disable
- memory_use_threshold_extreme - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int
- memory_use_threshold_green - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int
- memory_use_threshold_red - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int
- miglog_affinity - Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx). type: str
- miglogd_children - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed. type: int
- multi_factor_authentication - Enforce all login methods to require an additional authentication factor . type: str choices: optional, mandatory
- multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable
- ndp_max_entry - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int
- per_user_bwl - Enable/disable per-user black/white list filter. type: str choices: enable, disable
- policy_auth_concurrent - Number of concurrent firewall use logins from the same user (1 - 100). type: int
- post_login_banner - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: disable, enable
- pre_login_banner - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: enable, disable
- private_data_encryption - Enable/disable private data encryption using an AES 128-bit key. type: str choices: disable, enable
- proxy_auth_lifetime - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str choices: enable, disable
- proxy_auth_lifetime_timeout - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int
- proxy_auth_timeout - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int
- proxy_cipher_hardware_acceleration - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str choices: disable, enable
- proxy_kxp_hardware_acceleration - Enable/disable using the content processor to accelerate KXP traffic. type: str choices: disable, enable
- proxy_re_authentication_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: session, traffic, absolute
- proxy_worker_count - Proxy worker count. type: int
- radius_port - RADIUS service port number. type: int
- reboot_upon_config_restore - Enable/disable reboot of system upon restoring configuration. type: str choices: enable, disable
- refresh - Statistics refresh interval in GUI. type: int
- remoteauthtimeout - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec). type: int
- reset_sessionless_tcp - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str choices: enable, disable
- restart_time - Daily restart time (hh:mm). type: str
- revision_backup_on_logout - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str choices: enable, disable
- revision_image_auto_backup - Enable/disable back-up of the latest configuration revision after the firmware is upgraded. type: str choices: enable, disable
- scanunit_count - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int
- security_rating_result_submission - Enable/disable the submission of Security Rating results to FortiGuard. type: str choices: enable, disable
- security_rating_run_on_schedule - Enable/disable scheduled runs of Security Rating. type: str choices: enable, disable
- send_pmtu_icmp - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. type: str choices: enable, disable
- snat_route_change - Enable/disable the ability to change the static NAT route. type: str choices: enable, disable
- special_file_23_support - Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. type: str choices: disable, enable
- ssd_trim_date - Date within a month to run ssd trim. type: int
- ssd_trim_freq - How often to run SSD Trim . SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str choices: never, hourly, daily, weekly, monthly
- ssd_trim_hour - Hour of the day on which to run SSD Trim (0 - 23). type: int
- ssd_trim_min - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int
- ssd_trim_weekday - Day of week to run SSD Trim. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
- ssh_cbc_cipher - Enable/disable CBC cipher for SSH access. type: str choices: enable, disable
- ssh_hmac_md5 - Enable/disable HMAC-MD5 for SSH access. type: str choices: enable, disable
- ssh_kex_sha1 - Enable/disable SHA1 key exchange for SSH access. type: str choices: enable, disable
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: SSLv3, TLSv1, TLSv1-1, TLSv1-2
- ssl_static_key_ciphers - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str choices: enable, disable
- sslvpn_cipher_hardware_acceleration - Enable/disable SSL VPN hardware acceleration. type: str choices: enable, disable
- sslvpn_kxp_hardware_acceleration - Enable/disable SSL VPN KXP hardware acceleration. type: str choices: enable, disable
- sslvpn_max_worker_count - Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. type: int
- sslvpn_plugin_version_check - Enable/disable checking browser"s plugin version by SSL VPN. type: str choices: enable, disable
- strict_dirty_session_check - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str choices: enable, disable
- strong_crypto - Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions. type: str choices: enable, disable
- switch_controller - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str choices: disable, enable
- switch_controller_reserved_network - Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled. type: str
- sys_perf_log_interval - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int
- tcp_halfclose_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int
- tcp_halfopen_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int
- tcp_option - Enable SACK, timestamp and MSS TCP options. type: str choices: enable, disable
- tcp_timewait_timer - Length of the TCP TIME-WAIT state in seconds. type: int
- tftp - Enable/disable TFTP. type: str choices: enable, disable
- timezone - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. type: str choices: 1, 2, 3, 4, 5, 81, 6, 7, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 41, 42, 43, 39, 44, 46, 47, 51, 48, 45, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 61, 64, 65, 66, 67, 68, 69, 70, 71, 72, 0, 82, 73, 86, 76
- tp_mc_skip_policy - Enable/disable skip policy check and allow multicast through. type: str choices: enable, disable
- traffic_priority - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str choices: tos, dscp
- traffic_priority_level - Default system-wide level of priority for traffic prioritization. type: str choices: low, medium, high
- two_factor_email_expiry - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int
- two_factor_fac_expiry - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int
- two_factor_ftk_expiry - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int
- two_factor_ftm_expiry - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int
- two_factor_sms_expiry - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int
- udp_idle_timer - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int
- user_server_cert - Certificate to use for https user authentication. Source certificate.local.name. type: str
- vdom_admin - Enable/disable support for multiple virtual domains (VDOMs). type: str choices: enable, disable
- vip_arp_range - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str choices: unlimited, restricted
- virtual_server_count - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int
- virtual_server_hardware_acceleration - Enable/disable virtual server hardware acceleration. type: str choices: disable, enable
- wad_affinity - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
- wad_csvc_cs_count - Number of concurrent WAD-cache-service object-cache processes. type: int
- wad_csvc_db_count - Number of concurrent WAD-cache-service byte-cache processes. type: int
- wad_source_affinity - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str choices: disable, enable
- wad_worker_count - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int
- wifi_ca_certificate - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str
- wifi_certificate - Certificate to use for WiFi authentication. Source certificate.local.name. type: str
- wimax_4g_usb - Enable/disable comparability with WiMAX 4G USB devices. type: str choices: enable, disable
- wireless_controller - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str choices: enable, disable
- wireless_controller_port - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global attributes.
fortios_system_global:
vdom: "{{ vdom }}"
system_global:
admin_concurrent: "enable"
admin_console_timeout: "4"
admin_hsts_max_age: "5"
admin_https_pki_required: "enable"
admin_https_redirect: "enable"
admin_https_ssl_versions: "tlsv1-0"
admin_lockout_duration: "9"
admin_lockout_threshold: "10"
admin_login_max: "11"
admin_maintainer: "enable"
admin_port: "13"
admin_restrict_local: "enable"
admin_scp: "enable"
admin_server_cert: "<your_own_value> (source certificate.local.name)"
admin_sport: "17"
admin_ssh_grace_time: "18"
admin_ssh_password: "enable"
admin_ssh_port: "20"
admin_ssh_v1: "enable"
admin_telnet_port: "22"
admintimeout: "23"
alias: "<your_own_value>"
allow_traffic_redirect: "enable"
anti_replay: "disable"
arp_max_entry: "27"
asymroute: "enable"
auth_cert: "<your_own_value> (source certificate.local.name)"
auth_http_port: "30"
auth_https_port: "31"
auth_keepalive: "enable"
auth_session_limit: "block-new"
auto_auth_extension_device: "enable"
av_affinity: "<your_own_value>"
av_failopen: "pass"
av_failopen_session: "enable"
batch_cmdb: "enable"
block_session_timer: "39"
br_fdb_max_entry: "40"
cert_chain_max: "41"
cfg_revert_timeout: "42"
cfg_save: "automatic"
check_protocol_header: "loose"
check_reset_range: "strict"
cli_audit_log: "enable"
clt_cert_req: "enable"
compliance_check: "enable"
compliance_check_time: "<your_own_value>"
cpu_use_threshold: "50"
csr_ca_attribute: "enable"
daily_restart: "enable"
device_identification_active_scan_delay: "53"
device_idle_timeout: "54"
dh_params: "1024"
dnsproxy_worker_count: "56"
dst: "enable"
endpoint_control_fds_access: "enable"
endpoint_control_portal_port: "59"
failtime: "60"
fds_statistics: "enable"
fds_statistics_period: "62"
fgd_alert_subscription: "advisory"
fortiextender: "enable"
fortiextender_data_port: "65"
fortiextender_vlan_mode: "enable"
fortiservice_port: "67"
gui_certificates: "enable"
gui_custom_language: "enable"
gui_date_format: "yyyy/MM/dd"
gui_device_latitude: "<your_own_value>"
gui_device_longitude: "<your_own_value>"
gui_display_hostname: "enable"
gui_ipv6: "enable"
gui_lines_per_page: "75"
gui_theme: "green"
gui_wireless_opensecurity: "enable"
honor_df: "enable"
hostname: "myhostname"
igmp_state_limit: "80"
interval: "81"
ip_src_port_range: "<your_own_value>"
ips_affinity: "<your_own_value>"
ipsec_asic_offload: "enable"
ipsec_hmac_offload: "enable"
ipsec_soft_dec_async: "enable"
ipv6_accept_dad: "87"
ipv6_allow_anycast_probe: "enable"
language: "english"
ldapconntimeout: "90"
lldp_transmission: "enable"
log_ssl_connection: "enable"
log_uuid: "disable"
login_timestamp: "enable"
long_vdom_name: "enable"
management_vdom: "<your_own_value> (source system.vdom.name)"
max_dlpstat_memory: "97"
max_route_cache_size: "98"
mc_ttl_notchange: "enable"
memory_use_threshold_extreme: "100"
memory_use_threshold_green: "101"
memory_use_threshold_red: "102"
miglog_affinity: "<your_own_value>"
miglogd_children: "104"
multi_factor_authentication: "optional"
multicast_forward: "enable"
ndp_max_entry: "107"
per_user_bwl: "enable"
policy_auth_concurrent: "109"
post_login_banner: "disable"
pre_login_banner: "enable"
private_data_encryption: "disable"
proxy_auth_lifetime: "enable"
proxy_auth_lifetime_timeout: "114"
proxy_auth_timeout: "115"
proxy_cipher_hardware_acceleration: "disable"
proxy_kxp_hardware_acceleration: "disable"
proxy_re_authentication_mode: "session"
proxy_worker_count: "119"
radius_port: "120"
reboot_upon_config_restore: "enable"
refresh: "122"
remoteauthtimeout: "123"
reset_sessionless_tcp: "enable"
restart_time: "<your_own_value>"
revision_backup_on_logout: "enable"
revision_image_auto_backup: "enable"
scanunit_count: "128"
security_rating_result_submission: "enable"
security_rating_run_on_schedule: "enable"
send_pmtu_icmp: "enable"
snat_route_change: "enable"
special_file_23_support: "disable"
ssd_trim_date: "134"
ssd_trim_freq: "never"
ssd_trim_hour: "136"
ssd_trim_min: "137"
ssd_trim_weekday: "sunday"
ssh_cbc_cipher: "enable"
ssh_hmac_md5: "enable"
ssh_kex_sha1: "enable"
ssl_min_proto_version: "SSLv3"
ssl_static_key_ciphers: "enable"
sslvpn_cipher_hardware_acceleration: "enable"
sslvpn_kxp_hardware_acceleration: "enable"
sslvpn_max_worker_count: "146"
sslvpn_plugin_version_check: "enable"
strict_dirty_session_check: "enable"
strong_crypto: "enable"
switch_controller: "disable"
switch_controller_reserved_network: "<your_own_value>"
sys_perf_log_interval: "152"
tcp_halfclose_timer: "153"
tcp_halfopen_timer: "154"
tcp_option: "enable"
tcp_timewait_timer: "156"
tftp: "enable"
timezone: "01"
tp_mc_skip_policy: "enable"
traffic_priority: "tos"
traffic_priority_level: "low"
two_factor_email_expiry: "162"
two_factor_fac_expiry: "163"
two_factor_ftk_expiry: "164"
two_factor_ftm_expiry: "165"
two_factor_sms_expiry: "166"
udp_idle_timer: "167"
user_server_cert: "<your_own_value> (source certificate.local.name)"
vdom_admin: "enable"
vip_arp_range: "unlimited"
virtual_server_count: "171"
virtual_server_hardware_acceleration: "disable"
wad_affinity: "<your_own_value>"
wad_csvc_cs_count: "174"
wad_csvc_db_count: "175"
wad_source_affinity: "disable"
wad_worker_count: "177"
wifi_ca_certificate: "<your_own_value> (source certificate.ca.name)"
wifi_certificate: "<your_own_value> (source certificate.local.name)"
wimax_4g_usb: "enable"
wireless_controller: "enable"
wireless_controller_port: "182"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_gre_tunnel – Configure GRE tunnel in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and gre_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_gre_tunnel - Configure GRE tunnel. type: dict
- checksum_reception - Enable/disable validating checksums in received GRE packets. type: str choices: disable, enable
- checksum_transmission - Enable/disable including checksums in transmitted GRE packets. type: str choices: disable, enable
- dscp_copying - Enable/disable DSCP copying. type: str choices: disable, enable
- interface - Interface name. Source system.interface.name. type: str
- ip_version - IP version to use for VPN interface. type: str choices: 4, 6
- keepalive_failtimes - Number of consecutive unreturned keepalive messages before a GRE connection is considered down (1 - 255). type: int
- keepalive_interval - Keepalive message interval (0 - 32767, 0 = disabled). type: int
- key_inbound - Require received GRE packets contain this key (0 - 4294967295). type: int
- key_outbound - Include this key in transmitted GRE packets (0 - 4294967295). type: int
- local_gw - IP address of the local gateway. type: str
- local_gw6 - IPv6 address of the local gateway. type: str
- name - Tunnel name. type: str required: True
- remote_gw - IP address of the remote gateway. type: str
- remote_gw6 - IPv6 address of the remote gateway. type: str
- sequence_number_reception - Enable/disable validating sequence numbers in received GRE packets. type: str choices: disable, enable
- sequence_number_transmission - Enable/disable including of sequence numbers in transmitted GRE packets. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure GRE tunnel.
fortios_system_gre_tunnel:
vdom: "{{ vdom }}"
state: "present"
system_gre_tunnel:
checksum_reception: "disable"
checksum_transmission: "disable"
dscp_copying: "disable"
interface: "<your_own_value> (source system.interface.name)"
ip_version: "4"
keepalive_failtimes: "8"
keepalive_interval: "9"
key_inbound: "10"
key_outbound: "11"
local_gw: "<your_own_value>"
local_gw6: "<your_own_value>"
name: "default_name_14"
remote_gw: "<your_own_value>"
remote_gw6: "<your_own_value>"
sequence_number_reception: "disable"
sequence_number_transmission: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ha – Configure HA in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ha category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_ha - Configure HA. type: dict
- arps - Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time. type: int
- arps_interval - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic. type: int
- authentication - Enable/disable heartbeat message authentication. type: str choices: enable, disable
- cpu_threshold - Dynamic weighted load balancing CPU usage weight and high and low thresholds. type: str
- encryption - Enable/disable heartbeat message encryption. type: str choices: enable, disable
- ftp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. type: str
- gratuitous_arps - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. type: str choices: enable, disable
- group_id - Cluster group ID (0 - 255). Must be the same for all members. type: int
- group_name - Cluster group name. Must be the same for all members. type: str
- ha_direct - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, and FortiSandbox. type: str choices: enable, disable
- ha_eth_type - HA heartbeat packet Ethertype (4-digit hex). type: str
- ha_mgmt_interfaces - Reserve interfaces to manage individual cluster units. type: list
- dst - Default route destination for reserved HA management interface. type: str
- gateway - Default route gateway for reserved HA management interface. type: str
- gateway6 - Default IPv6 gateway for reserved HA management interface. type: str
- id - Table ID. type: int required: True
- interface - Interface to reserve for HA management. Source system.interface.name. type: str
- ha_mgmt_status - Enable to reserve interfaces to manage individual cluster units. type: str choices: enable, disable
- ha_uptime_diff_margin - Normally you would only reduce this value for failover testing. type: int
- hb_interval - Time between sending heartbeat packets (1 - 20 (100*ms)). Increase to reduce false positives. type: int
- hb_lost_threshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives. type: int
- hbdev - Heartbeat interfaces. Must be the same for all members. type: str
- hc_eth_type - Transparent mode HA heartbeat packet Ethertype (4-digit hex). type: str
- hello_holddown - Time to wait before changing from hello to work state (5 - 300 sec). type: int
- http_proxy_threshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. type: str
- imap_proxy_threshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. type: str
- inter_cluster_session_sync - Enable/disable synchronization of sessions among HA clusters. type: str choices: enable, disable
- key - key type: str
- l2ep_eth_type - Telnet session HA heartbeat packet Ethertype (4-digit hex). type: str
- link_failed_signal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. type: str choices: enable, disable
- load_balance_all - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. type: str choices: enable, disable
- memory_compatible_mode - Enable/disable memory compatible mode. type: str choices: enable, disable
- memory_threshold - Dynamic weighted load balancing memory usage weight and high and low thresholds. type: str
- mode - HA mode. Must be the same for all members. FGSP requires standalone. type: str choices: standalone, a-a, a-p
- monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: str
- multicast_ttl - HA multicast TTL on master (5 - 3600 sec). type: int
- nntp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. type: str
- override - Enable and increase the priority of the unit that should always be primary (master). type: str choices: enable, disable
- override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int
- password - Cluster password. Must be the same for all members. type: str
- pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int
- pingserver_flip_timeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover. type: int
- pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: str
- pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
- pop3_proxy_threshold - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. type: str
- priority - Increase the priority to select the primary unit (0 - 255). type: int
- route_hold - Time to wait between routing table updates to the cluster (0 - 3600 sec). type: int
- route_ttl - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover. type: int
- route_wait - Time to wait before sending new routes to the cluster (0 - 3600 sec). type: int
- schedule - Type of A-A load balancing. Use none if you have external load balancers. type: str choices: none, hub, leastconnection, round-robin, weight-round-robin, random, ip, ipport
- secondary_vcluster - Configure virtual cluster 2. type: dict
- monitor - Interfaces to check for port monitoring (or link failure). Source system.interface.name. type: str
- override - Enable and increase the priority of the unit that should always be primary (master). type: str choices: enable, disable
- override_wait_time - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates. type: int
- pingserver_failover_threshold - Remote IP monitoring failover threshold (0 - 50). type: int
- pingserver_monitor_interface - Interfaces to check for remote IP monitoring. Source system.interface.name. type: str
- pingserver_slave_force_reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. type: str choices: enable, disable
- priority - Increase the priority to select the primary unit (0 - 255). type: int
- vcluster_id - Cluster ID. type: int
- vdom - VDOMs in virtual cluster 2. type: str
- session_pickup - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. type: str choices: enable, disable
- session_pickup_connectionless - Enable/disable UDP and ICMP session sync for FGSP. type: str choices: enable, disable
- session_pickup_delay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. type: str choices: enable, disable
- session_pickup_expectation - Enable/disable session helper expectation session sync for FGSP. type: str choices: enable, disable
- session_pickup_nat - Enable/disable NAT session sync for FGSP. type: str choices: enable, disable
- session_sync_dev - Offload session sync to one or more interfaces to distribute traffic and prevent delays if needed. Source system.interface.name. type: str
- smtp_proxy_threshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. type: str
- standalone_config_sync - Enable/disable FGSP configuration synchronization. type: str choices: enable, disable
- standalone_mgmt_vdom - Enable/disable standalone management VDOM. type: str choices: enable, disable
- sync_config - Enable/disable configuration synchronization. type: str choices: enable, disable
- sync_packet_balance - Enable/disable HA packet distribution to multiple CPUs. type: str choices: enable, disable
- unicast_hb - Enable/disable unicast heartbeat. type: str choices: enable, disable
- unicast_hb_netmask - Unicast heartbeat netmask. type: str
- unicast_hb_peerip - Unicast heartbeat peer IP. type: str
- uninterruptible_upgrade - Enable to upgrade a cluster without blocking network traffic. type: str choices: enable, disable
- vcluster_id - Cluster ID. type: int
- vcluster2 - Enable/disable virtual cluster 2 for virtual clustering. type: str choices: enable, disable
- vdom - VDOMs in virtual cluster 1. type: str
- weight - Weight-round-robin weight for each cluster unit. Syntax
. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure HA.
fortios_system_ha:
vdom: "{{ vdom }}"
system_ha:
arps: "3"
arps_interval: "4"
authentication: "enable"
cpu_threshold: "<your_own_value>"
encryption: "enable"
ftp_proxy_threshold: "<your_own_value>"
gratuitous_arps: "enable"
group_id: "10"
group_name: "<your_own_value>"
ha_direct: "enable"
ha_eth_type: "<your_own_value>"
ha_mgmt_interfaces:
-
dst: "<your_own_value>"
gateway: "<your_own_value>"
gateway6: "<your_own_value>"
id: "18"
interface: "<your_own_value> (source system.interface.name)"
ha_mgmt_status: "enable"
ha_uptime_diff_margin: "21"
hb_interval: "22"
hb_lost_threshold: "23"
hbdev: "<your_own_value>"
hc_eth_type: "<your_own_value>"
hello_holddown: "26"
http_proxy_threshold: "<your_own_value>"
imap_proxy_threshold: "<your_own_value>"
inter_cluster_session_sync: "enable"
key: "<your_own_value>"
l2ep_eth_type: "<your_own_value>"
link_failed_signal: "enable"
load_balance_all: "enable"
memory_compatible_mode: "enable"
memory_threshold: "<your_own_value>"
mode: "standalone"
monitor: "<your_own_value> (source system.interface.name)"
multicast_ttl: "38"
nntp_proxy_threshold: "<your_own_value>"
override: "enable"
override_wait_time: "41"
password: "<your_own_value>"
pingserver_failover_threshold: "43"
pingserver_flip_timeout: "44"
pingserver_monitor_interface: "<your_own_value> (source system.interface.name)"
pingserver_slave_force_reset: "enable"
pop3_proxy_threshold: "<your_own_value>"
priority: "48"
route_hold: "49"
route_ttl: "50"
route_wait: "51"
schedule: "none"
secondary_vcluster:
monitor: "<your_own_value> (source system.interface.name)"
override: "enable"
override_wait_time: "56"
pingserver_failover_threshold: "57"
pingserver_monitor_interface: "<your_own_value> (source system.interface.name)"
pingserver_slave_force_reset: "enable"
priority: "60"
vcluster_id: "61"
vdom: "<your_own_value>"
session_pickup: "enable"
session_pickup_connectionless: "enable"
session_pickup_delay: "enable"
session_pickup_expectation: "enable"
session_pickup_nat: "enable"
session_sync_dev: "<your_own_value> (source system.interface.name)"
smtp_proxy_threshold: "<your_own_value>"
standalone_config_sync: "enable"
standalone_mgmt_vdom: "enable"
sync_config: "enable"
sync_packet_balance: "enable"
unicast_hb: "enable"
unicast_hb_netmask: "<your_own_value>"
unicast_hb_peerip: "<your_own_value>"
uninterruptible_upgrade: "enable"
vcluster_id: "78"
vcluster2: "enable"
vdom: "<your_own_value>"
weight: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ha_monitor – Configure HA monitor in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ha_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_ha_monitor - Configure HA monitor. type: dict
- monitor_vlan - Enable/disable monitor VLAN interfaces. type: str choices: enable, disable
- vlan_hb_interval - Configure heartbeat interval (seconds). type: int
- vlan_hb_lost_threshold - VLAN lost heartbeat threshold (1 - 60). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure HA monitor.
fortios_system_ha_monitor:
vdom: "{{ vdom }}"
system_ha_monitor:
monitor_vlan: "enable"
vlan_hb_interval: "4"
vlan_hb_lost_threshold: "5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_interface – Configure interfaces in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_interface - Configure interfaces. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ac_name - PPPoE server name. type: str
- aggregate - Aggregate interface. type: str
- algorithm - Frame distribution algorithm. type: str choices: L2, L3, L4
- alias - Alias will be displayed with the interface name to make it easier to distinguish. type: str
- allowaccess - Permitted types of management access to this interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, capwap, ftm
- ap_discover - Enable/disable automatic registration of unknown FortiAP devices. type: str choices: enable, disable
- arpforward - Enable/disable ARP forwarding. type: str choices: enable, disable
- auth_type - PPP authentication type to use. type: str choices: auto, pap, chap, mschapv1, mschapv2
- auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. type: str choices: enable, disable
- bfd - Bidirectional Forwarding Detection (BFD) settings. type: str choices: global, enable, disable
- bfd_desired_min_tx - BFD desired minimal transmit interval. type: int
- bfd_detect_mult - BFD detection multiplier. type: int
- bfd_required_min_rx - BFD required minimal receive interval. type: int
- broadcast_forticlient_discovery - Enable/disable broadcasting FortiClient discovery messages. type: str choices: enable, disable
- broadcast_forward - Enable/disable broadcast forwarding. type: str choices: enable, disable
- captive_portal - Enable/disable captive portal. type: int
- cli_conn_status - CLI connection status. type: int
- color - Color of icon on the GUI. type: int
- dedicated_to - Configure interface for single purpose. type: str choices: none, management
- defaultgw - Enable to get the gateway IP from the DHCP or PPPoE server. type: str choices: enable, disable
- description - Description. type: str
- detected_peer_mtu - MTU of detected peer (0 - 4294967295). type: int
- detectprotocol - Protocols used to detect the server. type: str choices: ping, tcp-echo, udp-echo
- detectserver - Gateway"s ping server for this IP. type: str
- device_access_list - Device access list. type: str
- device_identification - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable
- device_identification_active_scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. type: str choices: enable, disable
- device_netscan - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. type: str choices: disable, enable
- device_user_identification - Enable/disable passive gathering of user identity information about users on this interface. type: str choices: enable, disable
- devindex - Device Index. type: int
- dhcp_client_identifier - DHCP client identifier. type: str
- dhcp_relay_agent_option - Enable/disable DHCP relay agent option. type: str choices: enable, disable
- dhcp_relay_ip - DHCP relay IP address. type: str
- dhcp_relay_service - Enable/disable allowing this interface to act as a DHCP relay. type: str choices: disable, enable
- dhcp_relay_type - DHCP relay type (regular or IPsec). type: str choices: regular, ipsec
- dhcp_renew_time - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. type: int
- disc_retry_timeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. type: int
- disconnect_threshold - Time in milliseconds to wait before sending a notification that this interface is down or disconnected. type: int
- distance - Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. type: int
- dns_server_override - Enable/disable use DNS acquired by DHCP or PPPoE. type: str choices: enable, disable
- drop_fragment - Enable/disable drop fragment packets. type: str choices: enable, disable
- drop_overlapped_fragment - Enable/disable drop overlapped fragment packets. type: str choices: enable, disable
- egress_shaping_profile - Outgoing traffic shaping profile. type: str
- endpoint_compliance - Enable/disable endpoint compliance enforcement. type: str choices: enable, disable
- estimated_downstream_bandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. type: int
- estimated_upstream_bandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. type: int
- explicit_ftp_proxy - Enable/disable the explicit FTP proxy on this interface. type: str choices: enable, disable
- explicit_web_proxy - Enable/disable the explicit web proxy on this interface. type: str choices: enable, disable
- external - Enable/disable identifying the interface as an external interface (which usually means it"s connected to the Internet). type: str choices: enable, disable
- fail_action_on_extender - Action on extender when interface fail . type: str choices: soft-restart, hard-restart, reboot
- fail_alert_interfaces - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. type: list
- name - Names of the physical interfaces belonging to the aggregate or redundant interface. Source system.interface.name. type: str required: True
- fail_alert_method - Select link-failed-signal or link-down method to alert about a failed link. type: str choices: link-failed-signal, link-down
- fail_detect - Enable/disable fail detection features for this interface. type: str choices: enable, disable
- fail_detect_option - Options for detecting that this interface has failed. type: str choices: detectserver, link-down
- fortiheartbeat - Enable/disable FortiHeartBeat (FortiTelemetry on GUI). type: str choices: enable, disable
- fortilink - Enable FortiLink to dedicate this interface to manage other Fortinet devices. type: str choices: enable, disable
- fortilink_backup_link - fortilink split interface backup link. type: int
- fortilink_split_interface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy (maximum 2 interfaces in the "members" command). type: str choices: enable, disable
- fortilink_stacking - Enable/disable FortiLink switch-stacking on this interface. type: str choices: enable, disable
- forward_domain - Transparent mode forward domain. type: int
- gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable
- ha_priority - HA election priority for the PING server. type: int
- icmp_accept_redirect - Enable/disable ICMP accept redirect. type: str choices: enable, disable
- icmp_send_redirect - Enable/disable ICMP send redirect. type: str choices: enable, disable
- ident_accept - Enable/disable authentication for this interface. type: str choices: enable, disable
- idle_timeout - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. type: int
- inbandwidth - Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. type: int
- ingress_spillover_threshold - Ingress Spillover threshold (0 - 16776000 kbps). type: int
- interface - Interface name. Source system.interface.name. type: str
- internal - Implicitly created. type: int
- ip - Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. type: str
- ipmac - Enable/disable IP/MAC binding. type: str choices: enable, disable
- ips_sniffer_mode - Enable/disable the use of this interface as a one-armed sniffer. type: str choices: enable, disable
- ipunnumbered - Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. type: str
- ipv6 - IPv6 of interface. type: dict
- autoconf - Enable/disable address auto config. type: str choices: enable, disable
- dhcp6_client_options - DHCPv6 client options. type: str choices: rapid, iapd, iana
- dhcp6_information_request - Enable/disable DHCPv6 information request. type: str choices: enable, disable
- dhcp6_prefix_delegation - Enable/disable DHCPv6 prefix delegation. type: str choices: enable, disable
- dhcp6_prefix_hint - DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. type: str
- dhcp6_prefix_hint_plt - DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. type: int
- dhcp6_prefix_hint_vlt - DHCPv6 prefix hint valid life time (sec). type: int
- dhcp6_relay_ip - DHCPv6 relay IP address. type: str
- dhcp6_relay_service - Enable/disable DHCPv6 relay. type: str choices: disable, enable
- dhcp6_relay_type - DHCPv6 relay type. type: str choices: regular
- ip6_address - Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str
- ip6_allowaccess - Allow management access to the interface. type: list choices: ping, https, ssh, snmp, http, telnet, fgfm, capwap
- ip6_default_life - Default life (sec). type: int
- ip6_delegated_prefix_list - Advertised IPv6 delegated prefix list. type: list
- autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable
- onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable
- prefix_id - Prefix ID. type: int
- rdnss - Recursive DNS server option. type: str
- rdnss_service - Recursive DNS service option. type: str choices: delegated, default, specify
- subnet - Add subnet ID to routing prefix. type: str
- upstream_interface - Name of the interface that provides delegated information. Source system.interface.name. type: str
- ip6_dns_server_override - Enable/disable using the DNS server acquired by DHCP. type: str choices: enable, disable
- ip6_extra_addr - Extra IPv6 address prefixes of interface. type: list
- prefix - IPv6 address prefix. type: str required: True
- ip6_hop_limit - Hop limit (0 means unspecified). type: int
- ip6_link_mtu - IPv6 link MTU. type: int
- ip6_manage_flag - Enable/disable the managed flag. type: str choices: enable, disable
- ip6_max_interval - IPv6 maximum interval (4 to 1800 sec). type: int
- ip6_min_interval - IPv6 minimum interval (3 to 1350 sec). type: int
- ip6_mode - Addressing mode (static, DHCP, delegated). type: str choices: static, dhcp, pppoe, delegated
- ip6_other_flag - Enable/disable the other IPv6 flag. type: str choices: enable, disable
- ip6_prefix_list - Advertised prefix list. type: list
- autonomous_flag - Enable/disable the autonomous flag. type: str choices: enable, disable
- dnssl - DNS search list option. type: list
- domain - Domain name. type: str required: True
- onlink_flag - Enable/disable the onlink flag. type: str choices: enable, disable
- preferred_life_time - Preferred life time (sec). type: int
- prefix - IPv6 prefix. type: str required: True
- rdnss - Recursive DNS server option. type: str
- valid_life_time - Valid life time (sec). type: int
- ip6_reachable_time - IPv6 reachable time (milliseconds; 0 means unspecified). type: int
- ip6_retrans_time - IPv6 retransmit time (milliseconds; 0 means unspecified). type: int
- ip6_send_adv - Enable/disable sending advertisements about the interface. type: str choices: enable, disable
- ip6_subnet - Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx type: str
- ip6_upstream_interface - Interface name providing delegated information. Source system.interface.name. type: str
- nd_cert - Neighbor discovery certificate. Source certificate.local.name. type: str
- nd_cga_modifier - Neighbor discovery CGA modifier. type: str
- nd_mode - Neighbor discovery mode. type: str choices: basic, SEND-compatible
- nd_security_level - Neighbor discovery security level (0 - 7; 0 = least secure). type: int
- nd_timestamp_delta - Neighbor discovery timestamp delta value (1 - 3600 sec; ). type: int
- nd_timestamp_fuzz - Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). type: int
- vrip6_link_local - Link-local IPv6 address of virtual router. type: str
- vrrp_virtual_mac6 - Enable/disable virtual MAC for VRRP. type: str choices: enable, disable
- vrrp6 - IPv6 VRRP configuration. type: list
- accept_mode - Enable/disable accept mode. type: str choices: enable, disable
- adv_interval - Advertisement interval (1 - 255 seconds). type: int
- preempt - Enable/disable preempt mode. type: str choices: enable, disable
- priority - Priority of the virtual router (1 - 255). type: int
- start_time - Startup time (1 - 255 seconds). type: int
- status - Enable/disable VRRP. type: str choices: enable, disable
- vrdst6 - Monitor the route to this destination. type: str
- vrgrp - VRRP group ID (1 - 65535). type: int
- vrid - Virtual router identifier (1 - 255). type: int required: True
- vrip6 - IPv6 address of the virtual router. type: str
- l2forward - Enable/disable l2 forwarding. type: str choices: enable, disable
- lacp_ha_slave - LACP HA slave. type: str choices: enable, disable
- lacp_mode - LACP mode. type: str choices: static, passive, active
- lacp_speed - How often the interface sends LACP messages. type: str choices: slow, fast
- lcp_echo_interval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. type: int
- lcp_max_echo_fails - Maximum missed LCP echo messages before disconnect. type: int
- link_up_delay - Number of milliseconds to wait before considering a link is up. type: int
- lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable, vdom
- macaddr - Change the interface"s MAC address. type: str
- managed_device - Available when FortiLink is enabled, used for managed devices through FortiLink interface. type: list
- name - Managed dev identifier. type: str required: True
- management_ip - High Availability in-band management IP address of this interface. type: str
- member - Physical interfaces that belong to the aggregate or redundant interface. type: list
- interface_name - Physical interface name. Source system.interface.name. type: str
- min_links - Minimum number of aggregated ports that must be up. type: int
- min_links_down - Action to take when less than the configured minimum number of links are active. type: str choices: operational, administrative
- mode - Addressing mode (static, DHCP, PPPoE). type: str choices: static, dhcp, pppoe
- mtu - MTU value for this interface. type: int
- mtu_override - Enable to set a custom MTU for this interface. type: str choices: enable, disable
- name - Name. type: str required: True
- ndiscforward - Enable/disable NDISC forwarding. type: str choices: enable, disable
- netbios_forward - Enable/disable NETBIOS forwarding. type: str choices: disable, enable
- netflow_sampler - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). type: str choices: disable, tx, rx, both
- outbandwidth - Bandwidth limit for outgoing traffic (0 - 16776000 kbps). type: int
- padt_retry_timeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. type: int
- password - PPPoE account"s password. type: str
- ping_serv_status - PING server status. type: int
- polling_interval - sFlow polling interval (1 - 255 sec). type: int
- pppoe_unnumbered_negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: enable, disable
- pptp_auth_type - PPTP authentication type. type: str choices: auto, pap, chap, mschapv1, mschapv2
- pptp_client - Enable/disable PPTP client. type: str choices: enable, disable
- pptp_password - PPTP password. type: str
- pptp_server_ip - PPTP server IP address. type: str
- pptp_timeout - Idle timer in minutes (0 for disabled). type: int
- pptp_user - PPTP user name. type: str
- preserve_session_route - Enable/disable preservation of session route when dirty. type: str choices: enable, disable
- priority - Priority of learned routes. type: int
- priority_override - Enable/disable fail back to higher priority port once recovered. type: str choices: enable, disable
- proxy_captive_portal - Enable/disable proxy captive portal on this interface. type: str choices: enable, disable
- redundant_interface - Redundant interface. type: str
- remote_ip - Remote IP address of tunnel. type: str
- replacemsg_override_group - Replacement message override group. type: str
- role - Interface role. type: str choices: lan, wan, dmz, undefined
- sample_direction - Data that NetFlow collects (rx, tx, or both). type: str choices: tx, rx, both
- sample_rate - sFlow sample rate (10 - 99999). type: int
- scan_botnet_connections - Enable monitoring or blocking connections to Botnet servers through this interface. type: str choices: disable, block, monitor
- secondary_IP - Enable/disable adding a secondary IP to this interface. type: str choices: enable, disable
- secondaryip - Second IP address of interface. type: list
- allowaccess - Management access settings for the secondary IP address. type: str choices: ping, https, ssh, snmp, http, telnet, fgfm, radius-acct, probe-response, capwap, ftm
- detectprotocol - Protocols used to detect the server. type: str choices: ping, tcp-echo, udp-echo
- detectserver - Gateway"s ping server for this IP. type: str
- gwdetect - Enable/disable detect gateway alive for first. type: str choices: enable, disable
- ha_priority - HA election priority for the PING server. type: int
- id - ID. type: int required: True
- ip - Secondary IP address of the interface. type: str
- ping_serv_status - PING server status. type: int
- security_exempt_list - Name of security-exempt-list. type: str
- security_external_logout - URL of external authentication logout server. type: str
- security_external_web - URL of external authentication web server. type: str
- security_groups - User groups that can authenticate with the captive portal. type: list
- name - Names of user groups that can authenticate with the captive portal. type: str required: True
- security_mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: enable, disable
- security_mode - Turn on captive portal authentication for this interface. type: str choices: none, captive-portal, 802.1X
- security_redirect_url - URL redirection after disclaimer/authentication. type: str
- service_name - PPPoE service name. type: str
- sflow_sampler - Enable/disable sFlow on this interface. type: str choices: enable, disable
- snmp_index - Permanent SNMP Index of the interface. type: int
- speed - Interface speed. The default setting and the options available depend on the interface hardware. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto
- spillover_threshold - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. type: int
- src_check - Enable/disable source IP check. type: str choices: enable, disable
- status - Bring the interface up or shut the interface down. type: str choices: up, down
- stpforward - Enable/disable STP forwarding. type: str choices: enable, disable
- stpforward_mode - Configure STP forwarding mode. type: str choices: rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing
- subst - Enable to always send packets from this interface to a destination MAC address. type: str choices: enable, disable
- substitute_dst_mac - Destination MAC address that all packets are sent to from this interface. type: str
- switch - Contained in switch. type: str
- switch_controller_access_vlan - Block FortiSwitch port-to-port traffic. type: str choices: enable, disable
- switch_controller_arp_inspection - Enable/disable FortiSwitch ARP inspection. type: str choices: enable, disable
- switch_controller_dhcp_snooping - Switch controller DHCP snooping. type: str choices: enable, disable
- switch_controller_dhcp_snooping_option82 - Switch controller DHCP snooping option82. type: str choices: enable, disable
- switch_controller_dhcp_snooping_verify_mac - Switch controller DHCP snooping verify MAC. type: str choices: enable, disable
- switch_controller_igmp_snooping - Switch controller IGMP snooping. type: str choices: enable, disable
- switch_controller_learning_limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). type: int
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- tcp_mss - TCP maximum segment size. 0 means do not change segment size. type: int
- trust_ip_1 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str
- trust_ip_2 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str
- trust_ip_3 - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). type: str
- trust_ip6_1 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str
- trust_ip6_2 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str
- trust_ip6_3 - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). type: str
- type - Interface type. type: str choices: physical, vlan, aggregate, redundant, tunnel, vdom-link, loopback, switch, hard-switch, vap-switch, wl-mesh, fext-wan, vxlan, hdlc, switch-vlan
- username - Username of the PPPoE account, provided by your ISP. type: str
- vdom - Interface is in this virtual domain (VDOM). Source system.vdom.name. type: str
- vindex - Switch control interface VLAN ID. type: int
- vlanforward - Enable/disable traffic forwarding between VLANs on this interface. type: str choices: enable, disable
- vlanid - VLAN ID (1 - 4094). type: int
- vrf - Virtual Routing Forwarding ID. type: int
- vrrp - VRRP configuration. type: list
- accept_mode - Enable/disable accept mode. type: str choices: enable, disable
- adv_interval - Advertisement interval (1 - 255 seconds). type: int
- ignore_default_route - Enable/disable ignoring of default route when checking destination. type: str choices: enable, disable
- preempt - Enable/disable preempt mode. type: str choices: enable, disable
- priority - Priority of the virtual router (1 - 255). type: int
- proxy_arp - VRRP Proxy ARP configuration. type: list
- id - ID. type: int required: True
- ip - Set IP addresses of proxy ARP. type: str
- start_time - Startup time (1 - 255 seconds). type: int
- status - Enable/disable this VRRP configuration. type: str choices: enable, disable
- version - VRRP version. type: str choices: 2, 3
- vrdst - Monitor the route to this destination. type: str
- vrdst_priority - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). type: int
- vrgrp - VRRP group ID (1 - 65535). type: int
- vrid - Virtual router identifier (1 - 255). type: int required: True
- vrip - IP address of the virtual router. type: str
- vrrp_virtual_mac - Enable/disable use of virtual MAC for VRRP. type: str choices: enable, disable
- wccp - Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. type: str choices: enable, disable
- weight - Default weight for static routes (if route has no weight configured). type: int
- wins_ip - WINS server IP. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure interfaces.
fortios_system_interface:
vdom: "{{ vdom }}"
state: "present"
system_interface:
ac_name: "<your_own_value>"
aggregate: "<your_own_value>"
algorithm: "L2"
alias: "<your_own_value>"
allowaccess: "ping"
ap_discover: "enable"
arpforward: "enable"
auth_type: "auto"
auto_auth_extension_device: "enable"
bfd: "global"
bfd_desired_min_tx: "13"
bfd_detect_mult: "14"
bfd_required_min_rx: "15"
broadcast_forticlient_discovery: "enable"
broadcast_forward: "enable"
captive_portal: "18"
cli_conn_status: "19"
color: "20"
dedicated_to: "none"
defaultgw: "enable"
description: "<your_own_value>"
detected_peer_mtu: "24"
detectprotocol: "ping"
detectserver: "<your_own_value>"
device_access_list: "<your_own_value>"
device_identification: "enable"
device_identification_active_scan: "enable"
device_netscan: "disable"
device_user_identification: "enable"
devindex: "32"
dhcp_client_identifier: "myId_33"
dhcp_relay_agent_option: "enable"
dhcp_relay_ip: "<your_own_value>"
dhcp_relay_service: "disable"
dhcp_relay_type: "regular"
dhcp_renew_time: "38"
disc_retry_timeout: "39"
disconnect_threshold: "40"
distance: "41"
dns_server_override: "enable"
drop_fragment: "enable"
drop_overlapped_fragment: "enable"
egress_shaping_profile: "<your_own_value>"
endpoint_compliance: "enable"
estimated_downstream_bandwidth: "47"
estimated_upstream_bandwidth: "48"
explicit_ftp_proxy: "enable"
explicit_web_proxy: "enable"
external: "enable"
fail_action_on_extender: "soft-restart"
fail_alert_interfaces:
-
name: "default_name_54 (source system.interface.name)"
fail_alert_method: "link-failed-signal"
fail_detect: "enable"
fail_detect_option: "detectserver"
fortiheartbeat: "enable"
fortilink: "enable"
fortilink_backup_link: "60"
fortilink_split_interface: "enable"
fortilink_stacking: "enable"
forward_domain: "63"
gwdetect: "enable"
ha_priority: "65"
icmp_accept_redirect: "enable"
icmp_send_redirect: "enable"
ident_accept: "enable"
idle_timeout: "69"
inbandwidth: "70"
ingress_spillover_threshold: "71"
interface: "<your_own_value> (source system.interface.name)"
internal: "73"
ip: "<your_own_value>"
ipmac: "enable"
ips_sniffer_mode: "enable"
ipunnumbered: "<your_own_value>"
ipv6:
autoconf: "enable"
dhcp6_client_options: "rapid"
dhcp6_information_request: "enable"
dhcp6_prefix_delegation: "enable"
dhcp6_prefix_hint: "<your_own_value>"
dhcp6_prefix_hint_plt: "84"
dhcp6_prefix_hint_vlt: "85"
dhcp6_relay_ip: "<your_own_value>"
dhcp6_relay_service: "disable"
dhcp6_relay_type: "regular"
ip6_address: "<your_own_value>"
ip6_allowaccess: "ping"
ip6_default_life: "91"
ip6_delegated_prefix_list:
-
autonomous_flag: "enable"
onlink_flag: "enable"
prefix_id: "95"
rdnss: "<your_own_value>"
rdnss_service: "delegated"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
ip6_dns_server_override: "enable"
ip6_extra_addr:
-
prefix: "<your_own_value>"
ip6_hop_limit: "103"
ip6_link_mtu: "104"
ip6_manage_flag: "enable"
ip6_max_interval: "106"
ip6_min_interval: "107"
ip6_mode: "static"
ip6_other_flag: "enable"
ip6_prefix_list:
-
autonomous_flag: "enable"
dnssl:
-
domain: "<your_own_value>"
onlink_flag: "enable"
preferred_life_time: "115"
prefix: "<your_own_value>"
rdnss: "<your_own_value>"
valid_life_time: "118"
ip6_reachable_time: "119"
ip6_retrans_time: "120"
ip6_send_adv: "enable"
ip6_subnet: "<your_own_value>"
ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
nd_cert: "<your_own_value> (source certificate.local.name)"
nd_cga_modifier: "<your_own_value>"
nd_mode: "basic"
nd_security_level: "127"
nd_timestamp_delta: "128"
nd_timestamp_fuzz: "129"
vrip6_link_local: "<your_own_value>"
vrrp_virtual_mac6: "enable"
vrrp6:
-
accept_mode: "enable"
adv_interval: "134"
preempt: "enable"
priority: "136"
start_time: "137"
status: "enable"
vrdst6: "<your_own_value>"
vrgrp: "140"
vrid: "141"
vrip6: "<your_own_value>"
l2forward: "enable"
lacp_ha_slave: "enable"
lacp_mode: "static"
lacp_speed: "slow"
lcp_echo_interval: "147"
lcp_max_echo_fails: "148"
link_up_delay: "149"
lldp_transmission: "enable"
macaddr: "<your_own_value>"
managed_device:
-
name: "default_name_153"
management_ip: "<your_own_value>"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
min_links: "157"
min_links_down: "operational"
mode: "static"
mtu: "160"
mtu_override: "enable"
name: "default_name_162"
ndiscforward: "enable"
netbios_forward: "disable"
netflow_sampler: "disable"
outbandwidth: "166"
padt_retry_timeout: "167"
password: "<your_own_value>"
ping_serv_status: "169"
polling_interval: "170"
pppoe_unnumbered_negotiate: "enable"
pptp_auth_type: "auto"
pptp_client: "enable"
pptp_password: "<your_own_value>"
pptp_server_ip: "<your_own_value>"
pptp_timeout: "176"
pptp_user: "<your_own_value>"
preserve_session_route: "enable"
priority: "179"
priority_override: "enable"
proxy_captive_portal: "enable"
redundant_interface: "<your_own_value>"
remote_ip: "<your_own_value>"
replacemsg_override_group: "<your_own_value>"
role: "lan"
sample_direction: "tx"
sample_rate: "187"
scan_botnet_connections: "disable"
secondary_IP: "enable"
secondaryip:
-
allowaccess: "ping"
detectprotocol: "ping"
detectserver: "<your_own_value>"
gwdetect: "enable"
ha_priority: "195"
id: "196"
ip: "<your_own_value>"
ping_serv_status: "198"
security_exempt_list: "<your_own_value>"
security_external_logout: "<your_own_value>"
security_external_web: "<your_own_value>"
security_groups:
-
name: "default_name_203"
security_mac_auth_bypass: "enable"
security_mode: "none"
security_redirect_url: "<your_own_value>"
service_name: "<your_own_value>"
sflow_sampler: "enable"
snmp_index: "209"
speed: "auto"
spillover_threshold: "211"
src_check: "enable"
status: "up"
stpforward: "enable"
stpforward_mode: "rpl-all-ext-id"
subst: "enable"
substitute_dst_mac: "<your_own_value>"
switch: "<your_own_value>"
switch_controller_access_vlan: "enable"
switch_controller_arp_inspection: "enable"
switch_controller_dhcp_snooping: "enable"
switch_controller_dhcp_snooping_option82: "enable"
switch_controller_dhcp_snooping_verify_mac: "enable"
switch_controller_igmp_snooping: "enable"
switch_controller_learning_limit: "225"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_228"
tags:
-
name: "default_name_230 (source system.object-tagging.tags.name)"
tcp_mss: "231"
trust_ip_1: "<your_own_value>"
trust_ip_2: "<your_own_value>"
trust_ip_3: "<your_own_value>"
trust_ip6_1: "<your_own_value>"
trust_ip6_2: "<your_own_value>"
trust_ip6_3: "<your_own_value>"
type: "physical"
username: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vindex: "241"
vlanforward: "enable"
vlanid: "243"
vrf: "244"
vrrp:
-
accept_mode: "enable"
adv_interval: "247"
ignore_default_route: "enable"
preempt: "enable"
priority: "250"
proxy_arp:
-
id: "252"
ip: "<your_own_value>"
start_time: "254"
status: "enable"
version: "2"
vrdst: "<your_own_value>"
vrdst_priority: "258"
vrgrp: "259"
vrid: "260"
vrip: "<your_own_value>"
vrrp_virtual_mac: "enable"
wccp: "enable"
weight: "264"
wins_ip: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ipip_tunnel – Configure IP in IP Tunneling in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipip_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ipip_tunnel - Configure IP in IP Tunneling. type: dict
- interface - Interface name that is associated with the incoming traffic from available options. Source system.interface.name. type: str
- local_gw - IPv4 address for the local gateway. type: str
- name - IPIP Tunnel name. type: str required: True
- remote_gw - IPv4 address for the remote gateway. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IP in IP Tunneling.
fortios_system_ipip_tunnel:
vdom: "{{ vdom }}"
state: "present"
system_ipip_tunnel:
interface: "<your_own_value> (source system.interface.name)"
local_gw: "<your_own_value>"
name: "default_name_5"
remote_gw: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ips_urlfilter_dns – Configure IPS URL filter DNS servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ips_urlfilter_dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ips_urlfilter_dns - Configure IPS URL filter DNS servers. type: dict
- address - DNS server IP address. type: str required: True
- ipv6_capability - Enable/disable this server for IPv6 queries. type: str choices: enable, disable
- status - Enable/disable using this DNS server for IPS URL filter DNS queries. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS URL filter DNS servers.
fortios_system_ips_urlfilter_dns:
vdom: "{{ vdom }}"
state: "present"
system_ips_urlfilter_dns:
address: "<your_own_value>"
ipv6_capability: "enable"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ips_urlfilter_dns6 – Configure IPS URL filter IPv6 DNS servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ips_urlfilter_dns6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ips_urlfilter_dns6 - Configure IPS URL filter IPv6 DNS servers. type: dict
- address6 - IPv6 address of DNS server. type: str required: True
- status - Enable/disable this server for IPv6 DNS queries. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS URL filter IPv6 DNS servers.
fortios_system_ips_urlfilter_dns6:
vdom: "{{ vdom }}"
state: "present"
system_ips_urlfilter_dns6:
address6: "<your_own_value>"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ipv6_neighbor_cache – Configure IPv6 neighbor cache table in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipv6_neighbor_cache category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ipv6_neighbor_cache - Configure IPv6 neighbor cache table. type: dict
- id - Unique integer ID of the entry. type: int required: True
- interface - Select the associated interface name from available options. Source system.interface.name. type: str
- ipv6 - IPv6 address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx). type: str
- mac - MAC address (format: xx:xx:xx:xx:xx:xx). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 neighbor cache table.
fortios_system_ipv6_neighbor_cache:
vdom: "{{ vdom }}"
state: "present"
system_ipv6_neighbor_cache:
id: "3"
interface: "<your_own_value> (source system.interface.name)"
ipv6: "<your_own_value>"
mac: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ipv6_tunnel – Configure IPv6/IPv4 in IPv6 tunnel in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ipv6_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_ipv6_tunnel - Configure IPv6/IPv4 in IPv6 tunnel. type: dict
- destination - Remote IPv6 address of the tunnel. type: str
- interface - Interface name. Source system.interface.name. type: str
- name - IPv6 tunnel name. type: str required: True
- source - Local IPv6 address of the tunnel. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6/IPv4 in IPv6 tunnel.
fortios_system_ipv6_tunnel:
vdom: "{{ vdom }}"
state: "present"
system_ipv6_tunnel:
destination: "<your_own_value>"
interface: "<your_own_value> (source system.interface.name)"
name: "default_name_5"
source: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_link_monitor – Configure Link Health Monitor in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and link_monitor category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_link_monitor - Configure Link Health Monitor. type: dict
- addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6
- failtime - Number of retry attempts before the server is considered down (1 - 10) type: int
- gateway_ip - Gateway IP address used to probe the server. type: str
- gateway_ip6 - Gateway IPv6 address used to probe the server. type: str
- ha_priority - HA election priority (1 - 50). type: int
- http_agent - String in the http-agent field in the HTTP header. type: str
- http_get - If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. type: str
- http_match - String that you expect to see in the HTTP-GET requests of the traffic to be monitored. type: str
- interval - Detection interval (1 - 3600 sec). type: int
- name - Link monitor name. type: str required: True
- packet_size - Packet size of a twamp test session, type: int
- password - Twamp controller password in authentication mode type: str
- port - Port number of the traffic to be used to monitor the server. type: int
- protocol - Protocols used to monitor the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp, ping6
- recoverytime - Number of successful responses received before server is considered recovered (1 - 10). type: int
- security_mode - Twamp controller security mode. type: str choices: none, authentication
- server - IP address of the server(s) to be monitored. type: list
- address - Server address. type: str required: True
- source_ip - Source IP address used in packet to the server. type: str
- source_ip6 - Source IPv6 address used in packet to the server. type: str
- srcintf - Interface that receives the traffic to be monitored. Source system.interface.name. type: str
- status - Enable/disable this link monitor. type: str choices: enable, disable
- update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable
- update_static_route - Enable/disable updating the static route. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Link Health Monitor.
fortios_system_link_monitor:
vdom: "{{ vdom }}"
state: "present"
system_link_monitor:
addr_mode: "ipv4"
failtime: "4"
gateway_ip: "<your_own_value>"
gateway_ip6: "<your_own_value>"
ha_priority: "7"
http_agent: "<your_own_value>"
http_get: "<your_own_value>"
http_match: "<your_own_value>"
interval: "11"
name: "default_name_12"
packet_size: "13"
password: "<your_own_value>"
port: "15"
protocol: "ping"
recoverytime: "17"
security_mode: "none"
server:
-
address: "<your_own_value>"
source_ip: "84.230.14.43"
source_ip6: "<your_own_value>"
srcintf: "<your_own_value> (source system.interface.name)"
status: "enable"
update_cascade_interface: "enable"
update_static_route: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_lte_modem – Configure USB LTE/WIMAX devices in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and lte_modem category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_lte_modem - Configure USB LTE/WIMAX devices. type: dict
- apn - Login APN string for PDP-IP packet data calls. type: str
- authtype - Authentication type for PDP-IP packet data calls. type: str choices: none, pap, chap
- extra_init - Extra initialization string for USB LTE/WIMAX devices. type: str
- holddown_timer - Hold down timer (10 - 60 sec). type: int
- interface - The interface that the modem is acting as a redundant interface for. Source system.interface.name. type: str
- mode - Modem operation mode. type: str choices: standalone, redundant
- modem_port - Modem port index (0 - 20). type: int
- passwd - Authentication password for PDP-IP packet data calls. type: str
- status - Enable/disable USB LTE/WIMAX device. type: str choices: enable, disable
- username - Authentication username for PDP-IP packet data calls. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure USB LTE/WIMAX devices.
fortios_system_lte_modem:
vdom: "{{ vdom }}"
system_lte_modem:
apn: "<your_own_value>"
authtype: "none"
extra_init: "<your_own_value>"
holddown_timer: "6"
interface: "<your_own_value> (source system.interface.name)"
mode: "standalone"
modem_port: "9"
passwd: "<your_own_value>"
status: "enable"
username: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_mac_address_table – Configure MAC address tables in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and mac_address_table category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_mac_address_table - Configure MAC address tables. type: dict
- interface - Interface name. Source system.interface.name. type: str
- mac - MAC address. type: str required: True
- reply_substitute - New MAC for reply traffic. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure MAC address tables.
fortios_system_mac_address_table:
vdom: "{{ vdom }}"
state: "present"
system_mac_address_table:
interface: "<your_own_value> (source system.interface.name)"
mac: "<your_own_value>"
reply_substitute: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_management_tunnel – Management tunnel configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and management_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_management_tunnel - Management tunnel configuration. type: dict
- allow_collect_statistics - Enable/disable collection of run time statistics. type: str choices: enable, disable
- allow_config_restore - Enable/disable allow config restore. type: str choices: enable, disable
- allow_push_configuration - Enable/disable push configuration. type: str choices: enable, disable
- allow_push_firmware - Enable/disable push firmware. type: str choices: enable, disable
- authorized_manager_only - Enable/disable restriction of authorized manager only. type: str choices: enable, disable
- serial_number - Serial number. type: str
- status - Enable/disable FGFM tunnel. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Management tunnel configuration.
fortios_system_management_tunnel:
vdom: "{{ vdom }}"
system_management_tunnel:
allow_collect_statistics: "enable"
allow_config_restore: "enable"
allow_push_configuration: "enable"
allow_push_firmware: "enable"
authorized_manager_only: "enable"
serial_number: "<your_own_value>"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_mobile_tunnel – Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and mobile_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_mobile_tunnel - Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177. type: dict
- hash_algorithm - Hash Algorithm (Keyed MD5). type: str choices: hmac-md5
- home_address - Home IP address (Format: xxx.xxx.xxx.xxx). type: str
- home_agent - IPv4 address of the NEMO HA (Format: xxx.xxx.xxx.xxx). type: str
- lifetime - NMMO HA registration request lifetime (180 - 65535 sec). type: int
- n_mhae_key - NEMO authentication key. type: str
- n_mhae_key_type - NEMO authentication key type (ascii or base64). type: str choices: ascii, base64
- n_mhae_spi - NEMO authentication SPI . type: int
- name - Tunnel name. type: str required: True
- network - NEMO network configuration. type: list
- id - Network entry ID. type: int required: True
- interface - Select the associated interface name from available options. Source system.interface.name. type: str
- prefix - Class IP and Netmask with correction (Format:xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx or xxx.xxx.xxx.xxx/x). type: str
- reg_interval - NMMO HA registration interval (5 - 300). type: int
- reg_retry - Maximum number of NMMO HA registration retries (1 to 30). type: int
- renew_interval - Time before lifetime expiraton to send NMMO HA re-registration (5 - 60). type: int
- roaming_interface - Select the associated interface name from available options. Source system.interface.name. type: str
- status - Enable/disable this mobile tunnel. type: str choices: disable, enable
- tunnel_mode - NEMO tunnnel mode (GRE tunnel). type: str choices: gre
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Mobile tunnels, an implementation of Network Mobility (NEMO) extensions for Mobile IPv4 RFC5177.
fortios_system_mobile_tunnel:
vdom: "{{ vdom }}"
state: "present"
system_mobile_tunnel:
hash_algorithm: "hmac-md5"
home_address: "<your_own_value>"
home_agent: "<your_own_value>"
lifetime: "6"
n_mhae_key: "<your_own_value>"
n_mhae_key_type: "ascii"
n_mhae_spi: "9"
name: "default_name_10"
network:
-
id: "12"
interface: "<your_own_value> (source system.interface.name)"
prefix: "<your_own_value>"
reg_interval: "15"
reg_retry: "16"
renew_interval: "17"
roaming_interface: "<your_own_value> (source system.interface.name)"
status: "disable"
tunnel_mode: "gre"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_modem – Configure MODEM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and modem category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_modem - Configure MODEM. type: dict
- action - Dial up/stop MODEM. type: str choices: dial, stop, none
- altmode - Enable/disable altmode for installations using PPP in China. type: str choices: enable, disable
- authtype1 - Allowed authentication types for ISP 1. type: str choices: pap, chap, mschap, mschapv2
- authtype2 - Allowed authentication types for ISP 2. type: str choices: pap, chap, mschap, mschapv2
- authtype3 - Allowed authentication types for ISP 3. type: str choices: pap, chap, mschap, mschapv2
- auto_dial - Enable/disable auto-dial after a reboot or disconnection. type: str choices: enable, disable
- connect_timeout - Connection completion timeout (30 - 255 sec). type: int
- dial_cmd1 - Dial command (this is often an ATD or ATDT command). type: str
- dial_cmd2 - Dial command (this is often an ATD or ATDT command). type: str
- dial_cmd3 - Dial command (this is often an ATD or ATDT command). type: str
- dial_on_demand - Enable/disable to dial the modem when packets are routed to the modem interface. type: str choices: enable, disable
- distance - Distance of learned routes (1 - 255). type: int
- dont_send_CR1 - Do not send CR when connected (ISP1). type: str choices: enable, disable
- dont_send_CR2 - Do not send CR when connected (ISP2). type: str choices: enable, disable
- dont_send_CR3 - Do not send CR when connected (ISP3). type: str choices: enable, disable
- extra_init1 - Extra initialization string to ISP 1. type: str
- extra_init2 - Extra initialization string to ISP 2. type: str
- extra_init3 - Extra initialization string to ISP 3. type: str
- holddown_timer - Hold down timer in seconds (1 - 60 sec). type: int
- idle_timer - MODEM connection idle time (1 - 9999 min). type: int
- interface - Name of redundant interface. Source system.interface.name. type: str
- lockdown_lac - Allow connection only to the specified Location Area Code (LAC). type: str
- mode - Set MODEM operation mode to redundant or standalone. type: str choices: standalone, redundant
- network_init - AT command to set the Network name/type (AT+COPS=
,[ , [, ]]). type: str - passwd1 - Password to access the specified dialup account. type: str
- passwd2 - Password to access the specified dialup account. type: str
- passwd3 - Password to access the specified dialup account. type: str
- peer_modem1 - Specify peer MODEM type for phone1. type: str choices: generic, actiontec, ascend_TNT
- peer_modem2 - Specify peer MODEM type for phone2. type: str choices: generic, actiontec, ascend_TNT
- peer_modem3 - Specify peer MODEM type for phone3. type: str choices: generic, actiontec, ascend_TNT
- phone1 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str
- phone2 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str
- phone3 - Phone number to connect to the dialup account (must not contain spaces, and should include standard special characters). type: str
- pin_init - AT command to set the PIN (AT+PIN=
). type: str - ppp_echo_request1 - Enable/disable PPP echo-request to ISP 1. type: str choices: enable, disable
- ppp_echo_request2 - Enable/disable PPP echo-request to ISP 2. type: str choices: enable, disable
- ppp_echo_request3 - Enable/disable PPP echo-request to ISP 3. type: str choices: enable, disable
- priority - Priority of learned routes (0 - 4294967295). type: int
- redial - Redial limit (1 - 10 attempts, none = redial forever). type: str choices: none, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
- reset - Number of dial attempts before resetting modem (0 = never reset). type: int
- status - Enable/disable Modem support (equivalent to bringing an interface up or down). type: str choices: enable, disable
- traffic_check - Enable/disable traffic-check. type: str choices: enable, disable
- username1 - User name to access the specified dialup account. type: str
- username2 - User name to access the specified dialup account. type: str
- username3 - User name to access the specified dialup account. type: str
- wireless_port - Enter wireless port number, 0 for default, 1 for first port, ... (0 - 4294967295) type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure MODEM.
fortios_system_modem:
vdom: "{{ vdom }}"
system_modem:
action: "dial"
altmode: "enable"
authtype1: "pap"
authtype2: "pap"
authtype3: "pap"
auto_dial: "enable"
connect_timeout: "9"
dial_cmd1: "<your_own_value>"
dial_cmd2: "<your_own_value>"
dial_cmd3: "<your_own_value>"
dial_on_demand: "enable"
distance: "14"
dont_send_CR1: "enable"
dont_send_CR2: "enable"
dont_send_CR3: "enable"
extra_init1: "<your_own_value>"
extra_init2: "<your_own_value>"
extra_init3: "<your_own_value>"
holddown_timer: "21"
idle_timer: "22"
interface: "<your_own_value> (source system.interface.name)"
lockdown_lac: "<your_own_value>"
mode: "standalone"
network_init: "<your_own_value>"
passwd1: "<your_own_value>"
passwd2: "<your_own_value>"
passwd3: "<your_own_value>"
peer_modem1: "generic"
peer_modem2: "generic"
peer_modem3: "generic"
phone1: "<your_own_value>"
phone2: "<your_own_value>"
phone3: "<your_own_value>"
pin_init: "<your_own_value>"
ppp_echo_request1: "enable"
ppp_echo_request2: "enable"
ppp_echo_request3: "enable"
priority: "40"
redial: "none"
reset: "42"
status: "enable"
traffic_check: "enable"
username1: "<your_own_value>"
username2: "<your_own_value>"
username3: "<your_own_value>"
wireless_port: "48"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_nat64 – Configure NAT64 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and nat64 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_nat64 - Configure NAT64. type: dict
- always_synthesize_aaaa_record - Enable/disable AAAA record synthesis . type: str choices: enable, disable
- generate_ipv6_fragment_header - Enable/disable IPv6 fragment header generation. type: str choices: enable, disable
- nat46_force_ipv4_packet_forwarding - Enable/disable mandatory IPv4 packet forwarding in nat46. type: str choices: enable, disable
- nat64_prefix - NAT64 prefix must be ::/96 . type: str
- secondary_prefix - Secondary NAT64 prefix. type: list
- name - NAT64 prefix name. type: str required: True
- nat64_prefix - NAT64 prefix. type: str
- secondary_prefix_status - Enable/disable secondary NAT64 prefix. type: str choices: enable, disable
- status - Enable/disable NAT64 . type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure NAT64.
fortios_system_nat64:
vdom: "{{ vdom }}"
system_nat64:
always_synthesize_aaaa_record: "enable"
generate_ipv6_fragment_header: "enable"
nat46_force_ipv4_packet_forwarding: "enable"
nat64_prefix: "<your_own_value>"
secondary_prefix:
-
name: "default_name_8"
nat64_prefix: "<your_own_value>"
secondary_prefix_status: "enable"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_nd_proxy – Configure IPv6 neighbor discovery proxy (RFC4389) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and nd_proxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_nd_proxy - Configure IPv6 neighbor discovery proxy (RFC4389). type: dict
- member - Interfaces using the neighbor discovery proxy. type: list
- interface_name - Interface name. Source system.interface.name. type: str
- status - Enable/disable neighbor discovery proxy. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 neighbor discovery proxy (RFC4389).
fortios_system_nd_proxy:
vdom: "{{ vdom }}"
system_nd_proxy:
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_netflow – Configure NetFlow in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and netflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_netflow - Configure NetFlow. type: dict
- active_flow_timeout - Timeout to report active flows (1 - 60 min). type: int
- collector_ip - Collector IP. type: str
- collector_port - NetFlow collector port number. type: int
- inactive_flow_timeout - Timeout for periodic report of finished flows (10 - 600 sec). type: int
- source_ip - Source IP address for communication with the NetFlow agent. type: str
- template_tx_counter - Counter of flowset records before resending a template flowset record. type: int
- template_tx_timeout - Timeout for periodic template flowset transmission (1 - 1440 min). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure NetFlow.
fortios_system_netflow:
vdom: "{{ vdom }}"
system_netflow:
active_flow_timeout: "3"
collector_ip: "<your_own_value>"
collector_port: "5"
inactive_flow_timeout: "6"
source_ip: "84.230.14.43"
template_tx_counter: "8"
template_tx_timeout: "9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_network_visibility – Configure network visibility settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and network_visibility category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_network_visibility - Configure network visibility settings. type: dict
- destination_hostname_visibility - Enable/disable logging of destination hostname visibility. type: str choices: disable, enable
- destination_location - Enable/disable logging of destination geographical location visibility. type: str choices: disable, enable
- destination_visibility - Enable/disable logging of destination visibility. type: str choices: disable, enable
- hostname_limit - Limit of the number of hostname table entries (0 - 50000). type: int
- hostname_ttl - TTL of hostname table entries (60 - 86400). type: int
- source_location - Enable/disable logging of source geographical location visibility. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure network visibility settings.
fortios_system_network_visibility:
vdom: "{{ vdom }}"
system_network_visibility:
destination_hostname_visibility: "disable"
destination_location: "disable"
destination_visibility: "disable"
hostname_limit: "6"
hostname_ttl: "7"
source_location: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_npu – Configure NPU attributes in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_npu - Configure NPU attributes. type: dict
- iph_rsvd_re_cksum - Enable/disable IP checksum re-calculation for packets with iph.reserved bit set. type: str choices: enable, disable
- per_session_accounting - Enable/disable per-session accounting. type: str choices: disable, traffic-log-only, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure NPU attributes.
fortios_system_npu:
vdom: "{{ vdom }}"
system_npu:
iph_rsvd_re_cksum: "enable"
per_session_accounting: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_ntp – Configure system NTP information in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and ntp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_ntp - Configure system NTP information. type: dict
- interface - FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services. type: list
- interface_name - Interface name. Source system.interface.name. type: str
- ntpserver - Configure the FortiGate to connect to any available third-party NTP server. type: list
- authentication - Enable/disable MD5 authentication. type: str choices: enable, disable
- id - NTP server ID. type: int required: True
- key - Key for MD5 authentication. type: str
- key_id - Key ID for authentication. type: int
- ntpv3 - Enable to use NTPv3 instead of NTPv4. type: str choices: enable, disable
- server - IP address or hostname of the NTP Server. type: str
- ntpsync - Enable/disable setting the FortiGate system time by synchronizing with an NTP Server. type: str choices: enable, disable
- server_mode - Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays NTP requests to its configured NTP server. type: str choices: enable, disable
- source_ip - Source IP address for communication to the NTP server. type: str
- source_ip6 - Source IPv6 address for communication to the NTP server. type: str
- syncinterval - NTP synchronization interval (1 - 1440 min). type: int
- type - Use the FortiGuard NTP server or any other available NTP Server. type: str choices: fortiguard, custom
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure system NTP information.
fortios_system_ntp:
vdom: "{{ vdom }}"
system_ntp:
interface:
-
interface_name: "<your_own_value> (source system.interface.name)"
ntpserver:
-
authentication: "enable"
id: "7"
key: "<your_own_value>"
key_id: "9"
ntpv3: "enable"
server: "192.168.100.40"
ntpsync: "enable"
server_mode: "enable"
source_ip: "84.230.14.43"
source_ip6: "<your_own_value>"
syncinterval: "16"
type: "fortiguard"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_object_tagging – Configure object tagging in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and object_tagging category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_object_tagging - Configure object tagging. type: dict
- address - Address. type: str choices: disable, mandatory, optional
- category - Tag Category. type: str required: True
- color - Color of icon on the GUI. type: int
- device - Device. type: str choices: disable, mandatory, optional
- interface - Interface. type: str choices: disable, mandatory, optional
- multiple - Allow multiple tag selection. type: str choices: enable, disable
- tags - Tags. type: list
- name - Tag name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure object tagging.
fortios_system_object_tagging:
vdom: "{{ vdom }}"
state: "present"
system_object_tagging:
address: "disable"
category: "<your_own_value>"
color: "5"
device: "disable"
interface: "disable"
multiple: "enable"
tags:
-
name: "default_name_10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_password_policy_guest_admin – Configure the password policy for guest administrators in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and password_policy_guest_admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_password_policy_guest_admin - Configure the password policy for guest administrators. type: dict
- apply_to - Guest administrator to which this password policy applies. type: str choices: guest-admin-password
- change_4_characters - Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled). type: str choices: enable, disable
- expire_day - Number of days after which passwords expire (1 - 999 days). type: int
- expire_status - Enable/disable password expiration. type: str choices: enable, disable
- min_lower_case_letter - Minimum number of lowercase characters in password (0 - 128). type: int
- min_non_alphanumeric - Minimum number of non-alphanumeric characters in password (0 - 128). type: int
- min_number - Minimum number of numeric characters in password (0 - 128). type: int
- min_upper_case_letter - Minimum number of uppercase characters in password (0 - 128). type: int
- minimum_length - Minimum password length (8 - 128). type: int
- reuse_password - Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides). type: str choices: enable, disable
- status - Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure the password policy for guest administrators.
fortios_system_password_policy_guest_admin:
vdom: "{{ vdom }}"
system_password_policy_guest_admin:
apply_to: "guest-admin-password"
change_4_characters: "enable"
expire_day: "5"
expire_status: "enable"
min_lower_case_letter: "7"
min_non_alphanumeric: "8"
min_number: "9"
min_upper_case_letter: "10"
minimum_length: "11"
reuse_password: "enable"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_physical_switch – Configure physical switches in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and physical_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_physical_switch - Configure physical switches. type: dict
- age_enable - Enable/disable layer 2 age timer. type: str choices: enable, disable
- age_val - Layer 2 table age timer Value. type: int
- name - Name. type: str required: True
- port - Configure member ports. type: list
- name - Physical port name. type: str required: True
- speed - Speed. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto
- status - Interface status. type: str choices: up, down
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure physical switches.
fortios_system_physical_switch:
vdom: "{{ vdom }}"
state: "present"
system_physical_switch:
age_enable: "enable"
age_val: "4"
name: "default_name_5"
port:
-
name: "default_name_7"
speed: "auto"
status: "up"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_pppoe_interface – Configure the PPPoE interfaces in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and pppoe_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_pppoe_interface - Configure the PPPoE interfaces. type: dict
- ac_name - PPPoE AC name. type: str
- auth_type - PPP authentication type to use. type: str choices: auto, pap, chap, mschapv1, mschapv2
- device - Name for the physical interface. Source system.interface.name. type: str
- dial_on_demand - Enable/disable dial on demand to dial the PPPoE interface when packets are routed to the PPPoE interface. type: str choices: enable, disable
- disc_retry_timeout - PPPoE discovery init timeout value in (0-4294967295 sec). type: int
- idle_timeout - PPPoE auto disconnect after idle timeout (0-4294967295 sec). type: int
- ipunnumbered - PPPoE unnumbered IP. type: str
- ipv6 - Enable/disable IPv6 Control Protocol (IPv6CP). type: str choices: enable, disable
- lcp_echo_interval - PPPoE LCP echo interval in (0-4294967295 sec). type: int
- lcp_max_echo_fails - Maximum missed LCP echo messages before disconnect (0-4294967295). type: int
- name - Name of the PPPoE interface. type: str required: True
- padt_retry_timeout - PPPoE terminate timeout value in (0-4294967295 sec). type: int
- password - Enter the password. type: str
- pppoe_unnumbered_negotiate - Enable/disable PPPoE unnumbered negotiation. type: str choices: enable, disable
- service_name - PPPoE service name. type: str
- username - User name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure the PPPoE interfaces.
fortios_system_pppoe_interface:
vdom: "{{ vdom }}"
state: "present"
system_pppoe_interface:
ac_name: "<your_own_value>"
auth_type: "auto"
device: "<your_own_value> (source system.interface.name)"
dial_on_demand: "enable"
disc_retry_timeout: "7"
idle_timeout: "8"
ipunnumbered: "<your_own_value>"
ipv6: "enable"
lcp_echo_interval: "11"
lcp_max_echo_fails: "12"
name: "default_name_13"
padt_retry_timeout: "14"
password: "<your_own_value>"
pppoe_unnumbered_negotiate: "enable"
service_name: "<your_own_value>"
username: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_probe_response – Configure system probe response in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and probe_response category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_probe_response - Configure system probe response. type: dict
- http_probe_value - Value to respond to the monitoring server. type: str
- mode - SLA response mode. type: str choices: none, http-probe, twamp
- password - Twamp respondor password in authentication mode type: str
- port - Port number to response. type: int
- security_mode - Twamp respondor security mode. type: str choices: none, authentication
- timeout - An inactivity timer for a twamp test session. type: int
- ttl_mode - Mode for TWAMP packet TTL modification. type: str choices: reinit, decrease, retain
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure system probe response.
fortios_system_probe_response:
vdom: "{{ vdom }}"
system_probe_response:
http_probe_value: "<your_own_value>"
mode: "none"
password: "<your_own_value>"
port: "6"
security_mode: "none"
timeout: "8"
ttl_mode: "reinit"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_proxy_arp – Configure proxy-ARP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and proxy_arp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_proxy_arp - Configure proxy-ARP. type: dict
- end_ip - End IP of IP range to be proxied. type: str
- id - Unique integer ID of the entry. type: int required: True
- interface - Interface acting proxy-ARP. Source system.interface.name. type: str
- ip - IP address or start IP to be proxied. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure proxy-ARP.
fortios_system_proxy_arp:
vdom: "{{ vdom }}"
state: "present"
system_proxy_arp:
end_ip: "<your_own_value>"
id: "4"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_admin – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_admin - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_admin:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_admin:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_alertmail – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and alertmail category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_alertmail - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_alertmail:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_alertmail:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_auth – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and auth category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_auth - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_auth:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_auth:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_device_detection_portal – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and device_detection_portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_device_detection_portal - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_device_detection_portal:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_device_detection_portal:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_ec – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and ec category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_ec - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_ec:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_ec:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_fortiguard_wf – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and fortiguard_wf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_fortiguard_wf - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_fortiguard_wf:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_fortiguard_wf:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_ftp – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and ftp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_ftp - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_ftp:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_ftp:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_group – Configure replacement message groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and replacemsg_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_group - Configure replacement message groups. type: dict
- admin - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- alertmail - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- auth - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- comment - Comment. type: str
- custom_message - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- device_detection_portal - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- ec - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- fortiguard_wf - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- ftp - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- group_type - Group type. type: str choices: default, utm, auth, ec
- http - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- icap - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- mail - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- nac_quar - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- name - Group name. type: str required: True
- nntp - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- spam - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- sslvpn - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- traffic_quota - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- utm - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
- webproxy - Replacement message table entries. type: list
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure replacement message groups.
fortios_system_replacemsg_group:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_group:
admin:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
alertmail:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
auth:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
comment: "Comment."
custom_message:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
device_detection_portal:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
ec:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
fortiguard_wf:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
ftp:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
group_type: "default"
http:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
icap:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
mail:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
nac_quar:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
name: "default_name_65"
nntp:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
spam:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
sslvpn:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
traffic_quota:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
utm:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
webproxy:
-
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_http – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and http category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_http - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_http:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_http:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_icap – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and icap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_icap - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_icap:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_icap:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_image – Configure replacement message images in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and replacemsg_image category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_image - Configure replacement message images. type: dict
- image_base64 - Image data. type: str
- image_type - Image type. type: str choices: gif, jpg, tiff, png
- name - Image name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure replacement message images.
fortios_system_replacemsg_image:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_image:
image_base64: "<your_own_value>"
image_type: "gif"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_mail – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and mail category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_mail - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_mail:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_mail:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_nac_quar – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and nac_quar category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_nac_quar - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_nac_quar:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_nac_quar:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_nntp – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and nntp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_nntp - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_nntp:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_nntp:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_spam – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and spam category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_spam - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_spam:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_spam:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_sslvpn – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and sslvpn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_sslvpn - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_sslvpn:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_sslvpn:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_traffic_quota – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and traffic_quota category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_traffic_quota - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_traffic_quota:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_traffic_quota:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_utm – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and utm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_utm - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_utm:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_utm:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_replacemsg_webproxy – Replacement messages in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_replacemsg feature and webproxy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_replacemsg_webproxy - Replacement messages. type: dict
- buffer - Message string. type: str
- format - Format flag. type: str choices: none, text, html, wml
- header - Header flag. type: str choices: none, http, 8bit
- msg_type - Message type. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Replacement messages.
fortios_system_replacemsg_webproxy:
vdom: "{{ vdom }}"
state: "present"
system_replacemsg_webproxy:
buffer: "<your_own_value>"
format: "none"
header: "none"
msg_type: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_resource_limits – Configure resource limits in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and resource_limits category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_resource_limits - Configure resource limits. type: dict
- custom_service - Maximum number of firewall custom services. type: int
- dialup_tunnel - Maximum number of dial-up tunnels. type: int
- firewall_address - Maximum number of firewall addresses (IPv4, IPv6, multicast). type: int
- firewall_addrgrp - Maximum number of firewall address groups (IPv4, IPv6). type: int
- firewall_policy - Maximum number of firewall policies (IPv4, IPv6, policy46, policy64, DoS-policy4, DoS-policy6, multicast). type: int
- ipsec_phase1 - Maximum number of VPN IPsec phase1 tunnels. type: int
- ipsec_phase1_interface - Maximum number of VPN IPsec phase1 interface tunnels. type: int
- ipsec_phase2 - Maximum number of VPN IPsec phase2 tunnels. type: int
- ipsec_phase2_interface - Maximum number of VPN IPsec phase2 interface tunnels. type: int
- log_disk_quota - Log disk quota in MB. type: int
- onetime_schedule - Maximum number of firewall one-time schedules. type: int
- proxy - Maximum number of concurrent proxy users. type: int
- recurring_schedule - Maximum number of firewall recurring schedules. type: int
- service_group - Maximum number of firewall service groups. type: int
- session - Maximum number of sessions. type: int
- sslvpn - Maximum number of SSL-VPN. type: int
- user - Maximum number of local users. type: int
- user_group - Maximum number of user groups. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure resource limits.
fortios_system_resource_limits:
vdom: "{{ vdom }}"
system_resource_limits:
custom_service: "3"
dialup_tunnel: "4"
firewall_address: "5"
firewall_addrgrp: "6"
firewall_policy: "7"
ipsec_phase1: "8"
ipsec_phase1_interface: "9"
ipsec_phase2: "10"
ipsec_phase2_interface: "11"
log_disk_quota: "12"
onetime_schedule: "13"
proxy: "14"
recurring_schedule: "15"
service_group: "16"
session: "17"
sslvpn: "18"
user: "19"
user_group: "20"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_sdn_connector – Configure connection to SDN Connector in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdn_connector category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_sdn_connector - Configure connection to SDN Connector. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- access_key - AWS access key ID. type: str
- azure_region - Azure server region. type: str choices: global, china, germany, usgov, local
- client_id - Azure client ID (application ID). type: str
- client_secret - Azure client secret (application key). type: str
- compartment_id - Compartment ID. type: str
- external_ip - Configure GCP external IP. type: list
- name - External IP name. type: str required: True
- gcp_project - GCP project name. type: str
- key_passwd - Private key password. type: str
- login_endpoint - Azure Stack login enpoint. type: str
- name - SDN connector name. type: str required: True
- nic - Configure Azure network interface. type: list
- ip - Configure IP configuration. type: list
- name - IP configuration name. type: str required: True
- public_ip - Public IP name. type: str
- name - Network interface name. type: str required: True
- oci_cert - OCI certificate. Source certificate.local.name. type: str
- oci_fingerprint - OCI pubkey fingerprint. type: str
- oci_region - OCI server region. type: str choices: phoenix, ashburn, frankfurt, london
- password - Password of the remote SDN connector as login credentials. type: str
- private_key - Private key of GCP service account. type: str
- region - AWS region name. type: str
- resource_group - Azure resource group. type: str
- resource_url - Azure Stack resource URL. type: str
- route - Configure GCP route. type: list
- name - Route name. type: str required: True
- route_table - Configure Azure route table. type: list
- name - Route table name. type: str required: True
- route - Configure Azure route. type: list
- name - Route name. type: str required: True
- next_hop - Next hop address. type: str
- secret_key - AWS secret access key. type: str
- server - Server address of the remote SDN connector. type: str
- server_port - Port number of the remote SDN connector. type: int
- service_account - GCP service account email. type: str
- status - Enable/disable connection to the remote SDN connector. type: str choices: disable, enable
- subscription_id - Azure subscription ID. type: str
- tenant_id - Tenant ID (directory ID). type: str
- type - Type of SDN connector. type: str choices: aci, aws, azure, gcp, nsx, nuage, oci, openstack
- update_interval - Dynamic object update interval (0 - 3600 sec, 0 means disabled). type: int
- use_metadata_iam - Enable/disable using IAM role from metadata to call API. type: str choices: disable, enable
- user_id - User ID. type: str
- username - Username of the remote SDN connector as login credentials. type: str
- vpc_id - AWS VPC ID. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure connection to SDN Connector.
fortios_system_sdn_connector:
vdom: "{{ vdom }}"
state: "present"
system_sdn_connector:
access_key: "<your_own_value>"
azure_region: "global"
client_id: "<your_own_value>"
client_secret: "<your_own_value>"
compartment_id: "<your_own_value>"
external_ip:
-
name: "default_name_9"
gcp_project: "<your_own_value>"
key_passwd: "<your_own_value>"
login_endpoint: "<your_own_value>"
name: "default_name_13"
nic:
-
ip:
-
name: "default_name_16"
public_ip: "<your_own_value>"
name: "default_name_18"
oci_cert: "<your_own_value> (source certificate.local.name)"
oci_fingerprint: "<your_own_value>"
oci_region: "phoenix"
password: "<your_own_value>"
private_key: "<your_own_value>"
region: "<your_own_value>"
resource_group: "<your_own_value>"
resource_url: "<your_own_value>"
route:
-
name: "default_name_28"
route_table:
-
name: "default_name_30"
route:
-
name: "default_name_32"
next_hop: "<your_own_value>"
secret_key: "<your_own_value>"
server: "192.168.100.40"
server_port: "36"
service_account: "<your_own_value>"
status: "disable"
subscription_id: "<your_own_value>"
tenant_id: "<your_own_value>"
type: "aci"
update_interval: "42"
use_metadata_iam: "disable"
user_id: "<your_own_value>"
username: "<your_own_value>"
vpc_id: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_session_helper – Configure session helper in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and session_helper category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_session_helper - Configure session helper. type: dict
- id - Session helper ID. type: int required: True
- name - Helper name. type: str choices: ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b
- port - Protocol port. type: int
- protocol - Protocol number. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure session helper.
fortios_system_session_helper:
vdom: "{{ vdom }}"
state: "present"
system_session_helper:
id: "3"
name: "default_name_4"
port: "5"
protocol: "6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_session_ttl – Configure global session TTL timers for this FortiGate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and session_ttl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_session_ttl - Configure global session TTL timers for this FortiGate. type: dict
- default - Default timeout. type: str
- port - Session TTL port. type: list
- end_port - End port number. type: int
- id - Table entry ID. type: int required: True
- protocol - Protocol (0 - 255). type: int
- start_port - Start port number. type: int
- timeout - Session timeout (TTL). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global session TTL timers for this FortiGate.
fortios_system_session_ttl:
vdom: "{{ vdom }}"
system_session_ttl:
default: "<your_own_value>"
port:
-
end_port: "5"
id: "6"
protocol: "7"
start_port: "8"
timeout: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_settings – Configure VDOM settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_settings - Configure VDOM settings. type: dict
- allow_linkdown_path - Enable/disable link down path. type: str choices: enable, disable
- allow_subnet_overlap - Enable/disable allowing interface subnets to use overlapping IP addresses. type: str choices: enable, disable
- asymroute - Enable/disable IPv4 asymmetric routing. type: str choices: enable, disable
- asymroute_icmp - Enable/disable ICMP asymmetric routing. type: str choices: enable, disable
- asymroute6 - Enable/disable asymmetric IPv6 routing. type: str choices: enable, disable
- asymroute6_icmp - Enable/disable asymmetric ICMPv6 routing. type: str choices: enable, disable
- bfd - Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. type: str choices: enable, disable
- bfd_desired_min_tx - BFD desired minimal transmit interval (1 - 100000 ms). type: int
- bfd_detect_mult - BFD detection multiplier (1 - 50). type: int
- bfd_dont_enforce_src_port - Enable to not enforce verifying the source port of BFD Packets. type: str choices: enable, disable
- bfd_required_min_rx - BFD required minimal receive interval (1 - 100000 ms). type: int
- block_land_attack - Enable/disable blocking of land attacks. type: str choices: disable, enable
- central_nat - Enable/disable central NAT. type: str choices: enable, disable
- comments - VDOM comments. type: str
- compliance_check - Enable/disable PCI DSS compliance checking. type: str choices: enable, disable
- default_voip_alg_mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn"t include a VoIP profile. type: str choices: proxy-based, kernel-helper-based
- deny_tcp_with_icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. type: str choices: enable, disable
- device - Interface to use for management access for NAT mode. Source system.interface.name. type: str
- dhcp_proxy - Enable/disable the DHCP Proxy. type: str choices: enable, disable
- dhcp_server_ip - DHCP Server IPv4 address. type: str
- dhcp6_server_ip - DHCPv6 server IPv6 address. type: str
- discovered_device_timeout - Timeout for discovered devices (1 - 365 days). type: int
- ecmp_max_paths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 100). type: int
- email_portal_check_dns - Enable/disable using DNS to validate email addresses collected by a captive portal. type: str choices: disable, enable
- firewall_session_dirty - Select how to manage sessions affected by firewall policy configuration changes. type: str choices: check-all, check-new, check-policy-option
- fw_session_hairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. type: str choices: enable, disable
- gateway - Transparent mode IPv4 default gateway IP address. type: str
- gateway6 - Transparent mode IPv4 default gateway IP address. type: str
- gui_advanced_policy - Enable/disable advanced policy configuration on the GUI. type: str choices: enable, disable
- gui_allow_unnamed_policy - Enable/disable the requirement for policy naming on the GUI. type: str choices: enable, disable
- gui_antivirus - Enable/disable AntiVirus on the GUI. type: str choices: enable, disable
- gui_ap_profile - Enable/disable FortiAP profiles on the GUI. type: str choices: enable, disable
- gui_application_control - Enable/disable application control on the GUI. type: str choices: enable, disable
- gui_default_policy_columns - Default columns to display for policy lists on GUI. type: list
- name - Select column name. type: str required: True
- gui_dhcp_advanced - Enable/disable advanced DHCP options on the GUI. type: str choices: enable, disable
- gui_dlp - Enable/disable DLP on the GUI. type: str choices: enable, disable
- gui_dns_database - Enable/disable DNS database settings on the GUI. type: str choices: enable, disable
- gui_dnsfilter - Enable/disable DNS Filtering on the GUI. type: str choices: enable, disable
- gui_domain_ip_reputation - Enable/disable Domain and IP Reputation on the GUI. type: str choices: enable, disable
- gui_dos_policy - Enable/disable DoS policies on the GUI. type: str choices: enable, disable
- gui_dynamic_profile_display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. type: str choices: enable, disable
- gui_dynamic_routing - Enable/disable dynamic routing on the GUI. type: str choices: enable, disable
- gui_email_collection - Enable/disable email collection on the GUI. type: str choices: enable, disable
- gui_endpoint_control - Enable/disable endpoint control on the GUI. type: str choices: enable, disable
- gui_endpoint_control_advanced - Enable/disable advanced endpoint control options on the GUI. type: str choices: enable, disable
- gui_explicit_proxy - Enable/disable the explicit proxy on the GUI. type: str choices: enable, disable
- gui_fortiap_split_tunneling - Enable/disable FortiAP split tunneling on the GUI. type: str choices: enable, disable
- gui_fortiextender_controller - Enable/disable FortiExtender on the GUI. type: str choices: enable, disable
- gui_icap - Enable/disable ICAP on the GUI. type: str choices: enable, disable
- gui_implicit_policy - Enable/disable implicit firewall policies on the GUI. type: str choices: enable, disable
- gui_ips - Enable/disable IPS on the GUI. type: str choices: enable, disable
- gui_load_balance - Enable/disable server load balancing on the GUI. type: str choices: enable, disable
- gui_local_in_policy - Enable/disable Local-In policies on the GUI. type: str choices: enable, disable
- gui_local_reports - Enable/disable local reports on the GUI. type: str choices: enable, disable
- gui_multicast_policy - Enable/disable multicast firewall policies on the GUI. type: str choices: enable, disable
- gui_multiple_interface_policy - Enable/disable adding multiple interfaces to a policy on the GUI. type: str choices: enable, disable
- gui_multiple_utm_profiles - Enable/disable multiple UTM profiles on the GUI. type: str choices: enable, disable
- gui_nat46_64 - Enable/disable NAT46 and NAT64 settings on the GUI. type: str choices: enable, disable
- gui_object_colors - Enable/disable object colors on the GUI. type: str choices: enable, disable
- gui_policy_based_ipsec - Enable/disable policy-based IPsec VPN on the GUI. type: str choices: enable, disable
- gui_policy_learning - Enable/disable firewall policy learning mode on the GUI. type: str choices: enable, disable
- gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable
- gui_spamfilter - Enable/disable Antispam on the GUI. type: str choices: enable, disable
- gui_sslvpn_personal_bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. type: str choices: enable, disable
- gui_sslvpn_realms - Enable/disable SSL-VPN realms on the GUI. type: str choices: enable, disable
- gui_switch_controller - Enable/disable the switch controller on the GUI. type: str choices: enable, disable
- gui_threat_weight - Enable/disable threat weight on the GUI. type: str choices: enable, disable
- gui_traffic_shaping - Enable/disable traffic shaping on the GUI. type: str choices: enable, disable
- gui_voip_profile - Enable/disable VoIP profiles on the GUI. type: str choices: enable, disable
- gui_vpn - Enable/disable VPN tunnels on the GUI. type: str choices: enable, disable
- gui_waf_profile - Enable/disable Web Application Firewall on the GUI. type: str choices: enable, disable
- gui_wan_load_balancing - Enable/disable SD-WAN on the GUI. type: str choices: enable, disable
- gui_wanopt_cache - Enable/disable WAN Optimization and Web Caching on the GUI. type: str choices: enable, disable
- gui_webfilter - Enable/disable Web filtering on the GUI. type: str choices: enable, disable
- gui_webfilter_advanced - Enable/disable advanced web filtering on the GUI. type: str choices: enable, disable
- gui_wireless_controller - Enable/disable the wireless controller on the GUI. type: str choices: enable, disable
- http_external_dest - Offload HTTP traffic to FortiWeb or FortiCache. type: str choices: fortiweb, forticache
- ike_dn_format - Configure IKE ASN.1 Distinguished Name format conventions. type: str choices: with-space, no-space
- ike_quick_crash_detect - Enable/disable IKE quick crash detection (RFC 6290). type: str choices: enable, disable
- ike_session_resume - Enable/disable IKEv2 session resumption (RFC 5723). type: str choices: enable, disable
- implicit_allow_dns - Enable/disable implicitly allowing DNS traffic. type: str choices: enable, disable
- inspection_mode - Inspection mode (proxy-based or flow-based). type: str choices: proxy, flow
- ip - IP address and netmask. type: str
- ip6 - IPv6 address prefix for NAT mode. type: str
- link_down_access - Enable/disable link down access traffic. type: str choices: enable, disable
- lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) for this VDOM or apply global settings to this VDOM. type: str choices: enable, disable, global
- mac_ttl - Duration of MAC addresses in Transparent mode (300 - 8640000 sec). type: int
- manageip - Transparent mode IPv4 management IP address and netmask. type: str
- manageip6 - Transparent mode IPv6 management IP address and netmask. type: str
- multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable
- multicast_skip_policy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. type: str choices: enable, disable
- multicast_ttl_notchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. type: str choices: enable, disable
- ngfw_mode - Next Generation Firewall (NGFW) mode. type: str choices: profile-based, policy-based
- opmode - Firewall operation mode (NAT or Transparent). type: str choices: nat, transparent
- prp_trailer_action - Enable/disable action to take on PRP trailer. type: str choices: enable, disable
- sccp_port - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). type: int
- ses_denied_traffic - Enable/disable including denied session in the session table. type: str choices: enable, disable
- sip_helper - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). type: str choices: enable, disable
- sip_nat_trace - Enable/disable recording the original SIP source IP address when NAT is used. type: str choices: enable, disable
- sip_ssl_port - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). type: int
- sip_tcp_port - TCP port the SIP proxy monitors for SIP traffic (0 - 65535). type: int
- sip_udp_port - UDP port the SIP proxy monitors for SIP traffic (0 - 65535). type: int
- snat_hairpin_traffic - Enable/disable source NAT (SNAT) for hairpin traffic. type: str choices: enable, disable
- ssl_ssh_profile - Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. type: str
- status - Enable/disable this VDOM. type: str choices: enable, disable
- strict_src_check - Enable/disable strict source verification. type: str choices: enable, disable
- tcp_session_without_syn - Enable/disable allowing TCP session without SYN flags. type: str choices: enable, disable
- utf8_spam_tagging - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. type: str choices: enable, disable
- v4_ecmp_mode - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based
- vpn_stats_log - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. type: str choices: ipsec, pptp, l2tp, ssl
- vpn_stats_period - Period to send VPN log statistics (60 - 86400 sec). type: int
- wccp_cache_engine - Enable/disable WCCP cache engine. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VDOM settings.
fortios_system_settings:
vdom: "{{ vdom }}"
system_settings:
allow_linkdown_path: "enable"
allow_subnet_overlap: "enable"
asymroute: "enable"
asymroute_icmp: "enable"
asymroute6: "enable"
asymroute6_icmp: "enable"
bfd: "enable"
bfd_desired_min_tx: "10"
bfd_detect_mult: "11"
bfd_dont_enforce_src_port: "enable"
bfd_required_min_rx: "13"
block_land_attack: "disable"
central_nat: "enable"
comments: "<your_own_value>"
compliance_check: "enable"
default_voip_alg_mode: "proxy-based"
deny_tcp_with_icmp: "enable"
device: "<your_own_value> (source system.interface.name)"
dhcp_proxy: "enable"
dhcp_server_ip: "<your_own_value>"
dhcp6_server_ip: "<your_own_value>"
discovered_device_timeout: "24"
ecmp_max_paths: "25"
email_portal_check_dns: "disable"
firewall_session_dirty: "check-all"
fw_session_hairpin: "enable"
gateway: "<your_own_value>"
gateway6: "<your_own_value>"
gui_advanced_policy: "enable"
gui_allow_unnamed_policy: "enable"
gui_antivirus: "enable"
gui_ap_profile: "enable"
gui_application_control: "enable"
gui_default_policy_columns:
-
name: "default_name_37"
gui_dhcp_advanced: "enable"
gui_dlp: "enable"
gui_dns_database: "enable"
gui_dnsfilter: "enable"
gui_domain_ip_reputation: "enable"
gui_dos_policy: "enable"
gui_dynamic_profile_display: "enable"
gui_dynamic_routing: "enable"
gui_email_collection: "enable"
gui_endpoint_control: "enable"
gui_endpoint_control_advanced: "enable"
gui_explicit_proxy: "enable"
gui_fortiap_split_tunneling: "enable"
gui_fortiextender_controller: "enable"
gui_icap: "enable"
gui_implicit_policy: "enable"
gui_ips: "enable"
gui_load_balance: "enable"
gui_local_in_policy: "enable"
gui_local_reports: "enable"
gui_multicast_policy: "enable"
gui_multiple_interface_policy: "enable"
gui_multiple_utm_profiles: "enable"
gui_nat46_64: "enable"
gui_object_colors: "enable"
gui_policy_based_ipsec: "enable"
gui_policy_learning: "enable"
gui_replacement_message_groups: "enable"
gui_spamfilter: "enable"
gui_sslvpn_personal_bookmarks: "enable"
gui_sslvpn_realms: "enable"
gui_switch_controller: "enable"
gui_threat_weight: "enable"
gui_traffic_shaping: "enable"
gui_voip_profile: "enable"
gui_vpn: "enable"
gui_waf_profile: "enable"
gui_wan_load_balancing: "enable"
gui_wanopt_cache: "enable"
gui_webfilter: "enable"
gui_webfilter_advanced: "enable"
gui_wireless_controller: "enable"
http_external_dest: "fortiweb"
ike_dn_format: "with-space"
ike_quick_crash_detect: "enable"
ike_session_resume: "enable"
implicit_allow_dns: "enable"
inspection_mode: "proxy"
ip: "<your_own_value>"
ip6: "<your_own_value>"
link_down_access: "enable"
lldp_transmission: "enable"
mac_ttl: "90"
manageip: "<your_own_value>"
manageip6: "<your_own_value>"
multicast_forward: "enable"
multicast_skip_policy: "enable"
multicast_ttl_notchange: "enable"
ngfw_mode: "profile-based"
opmode: "nat"
prp_trailer_action: "enable"
sccp_port: "99"
ses_denied_traffic: "enable"
sip_helper: "enable"
sip_nat_trace: "enable"
sip_ssl_port: "103"
sip_tcp_port: "104"
sip_udp_port: "105"
snat_hairpin_traffic: "enable"
ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
status: "enable"
strict_src_check: "enable"
tcp_session_without_syn: "enable"
utf8_spam_tagging: "enable"
v4_ecmp_mode: "source-ip-based"
vpn_stats_log: "ipsec"
vpn_stats_period: "114"
wccp_cache_engine: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_sflow – Configure sFlow in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_sflow - Configure sFlow. type: dict
- collector_ip - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . type: str
- collector_port - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - 65535). type: int
- source_ip - Source IP address for sFlow agent. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure sFlow.
fortios_system_sflow:
vdom: "{{ vdom }}"
system_sflow:
collector_ip: "<your_own_value>"
collector_port: "4"
source_ip: "84.230.14.43"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_sit_tunnel – Configure IPv6 tunnel over IPv4 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sit_tunnel category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_sit_tunnel - Configure IPv6 tunnel over IPv4. type: dict
- destination - Destination IP address of the tunnel. type: str
- interface - Interface name. Source system.interface.name. type: str
- ip6 - IPv6 address of the tunnel. type: str
- name - Tunnel name. type: str required: True
- source - Source IP address of the tunnel. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 tunnel over IPv4.
fortios_system_sit_tunnel:
vdom: "{{ vdom }}"
state: "present"
system_sit_tunnel:
destination: "<your_own_value>"
interface: "<your_own_value> (source system.interface.name)"
ip6: "<your_own_value>"
name: "default_name_6"
source: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_sms_server – Configure SMS server for sending SMS messages to support user authentication in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sms_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_sms_server - Configure SMS server for sending SMS messages to support user authentication. type: dict
- mail_server - Email-to-SMS server domain name. type: str
- name - Name of SMS server. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SMS server for sending SMS messages to support user authentication.
fortios_system_sms_server:
vdom: "{{ vdom }}"
state: "present"
system_sms_server:
mail_server: "<your_own_value>"
name: "default_name_4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_snmp_community – SNMP community configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and community category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_snmp_community - SNMP community configuration. type: dict
- events - SNMP trap events. type: list choices: cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, bgp-established, bgp-backward-transition, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, ips-fail-open, faz-disconnect, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, load-balance-real-server-down, device-new, per-cpu-high
- hosts - Configure IPv4 SNMP managers (hosts). type: list
- ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable
- host_type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: any, query, trap
- id - Host entry ID. type: int required: True
- ip - IPv4 address of the SNMP manager (host). type: str
- source_ip - Source IPv4 address for SNMP traps. type: str
- hosts6 - Configure IPv6 SNMP managers. type: list
- ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable
- host_type - Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. type: str choices: any, query, trap
- id - Host6 entry ID. type: int required: True
- ipv6 - SNMP manager IPv6 address prefix. type: str
- source_ipv6 - Source IPv6 address for SNMP traps. type: str
- id - Community ID. type: int required: True
- name - Community name. type: str
- query_v1_port - SNMP v1 query port . type: int
- query_v1_status - Enable/disable SNMP v1 queries. type: str choices: enable, disable
- query_v2c_port - SNMP v2c query port . type: int
- query_v2c_status - Enable/disable SNMP v2c queries. type: str choices: enable, disable
- status - Enable/disable this SNMP community. type: str choices: enable, disable
- trap_v1_lport - SNMP v1 trap local port . type: int
- trap_v1_rport - SNMP v1 trap remote port . type: int
- trap_v1_status - Enable/disable SNMP v1 traps. type: str choices: enable, disable
- trap_v2c_lport - SNMP v2c trap local port . type: int
- trap_v2c_rport - SNMP v2c trap remote port . type: int
- trap_v2c_status - Enable/disable SNMP v2c traps. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SNMP community configuration.
fortios_system_snmp_community:
vdom: "{{ vdom }}"
state: "present"
system_snmp_community:
events: "cpu-high"
hosts:
-
ha_direct: "enable"
host_type: "any"
id: "7"
ip: "<your_own_value>"
source_ip: "84.230.14.43"
hosts6:
-
ha_direct: "enable"
host_type: "any"
id: "13"
ipv6: "<your_own_value>"
source_ipv6: "<your_own_value>"
id: "16"
name: "default_name_17"
query_v1_port: "18"
query_v1_status: "enable"
query_v2c_port: "20"
query_v2c_status: "enable"
status: "enable"
trap_v1_lport: "23"
trap_v1_rport: "24"
trap_v1_status: "enable"
trap_v2c_lport: "26"
trap_v2c_rport: "27"
trap_v2c_status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_snmp_sysinfo – SNMP system info configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and sysinfo category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_snmp_sysinfo - SNMP system info configuration. type: dict
- contact_info - Contact information. type: str
- description - System description. type: str
- engine_id - Local SNMP engineID string (maximum 24 characters). type: str
- location - System location. type: str
- status - Enable/disable SNMP. type: str choices: enable, disable
- trap_high_cpu_threshold - CPU usage when trap is sent. type: int
- trap_log_full_threshold - Log disk usage when trap is sent. type: int
- trap_low_memory_threshold - Memory usage when trap is sent. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SNMP system info configuration.
fortios_system_snmp_sysinfo:
vdom: "{{ vdom }}"
system_snmp_sysinfo:
contact_info: "<your_own_value>"
description: "<your_own_value>"
engine_id: "<your_own_value>"
location: "<your_own_value>"
status: "enable"
trap_high_cpu_threshold: "8"
trap_log_full_threshold: "9"
trap_low_memory_threshold: "10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_snmp_user – SNMP user configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system_snmp feature and user category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_snmp_user - SNMP user configuration. type: dict
- auth_proto - Authentication protocol. type: str choices: md5, sha
- auth_pwd - Password for authentication protocol. type: str
- events - SNMP notifications (traps) to send. type: list choices: cpu-high, mem-low, log-full, intf-ip, vpn-tun-up, vpn-tun-down, ha-switch, ha-hb-failure, ips-signature, ips-anomaly, av-virus, av-oversize, av-pattern, av-fragmented, fm-if-change, fm-conf-change, bgp-established, bgp-backward-transition, ha-member-up, ha-member-down, ent-conf-change, av-conserve, av-bypass, av-oversize-passed, av-oversize-blocked, ips-pkg-update, ips-fail-open, faz-disconnect, wc-ap-up, wc-ap-down, fswctl-session-up, fswctl-session-down, load-balance-real-server-down, device-new, per-cpu-high
- ha_direct - Enable/disable direct management of HA cluster members. type: str choices: enable, disable
- name - SNMP user name. type: str required: True
- notify_hosts - SNMP managers to send notifications (traps) to. type: list
- notify_hosts6 - IPv6 SNMP managers to send notifications (traps) to. type: list
- priv_proto - Privacy (encryption) protocol. type: str choices: aes, des, aes256, aes256cisco
- priv_pwd - Password for privacy (encryption) protocol. type: str
- queries - Enable/disable SNMP queries for this user. type: str choices: enable, disable
- query_port - SNMPv3 query port . type: int
- security_level - Security level for message authentication and encryption. type: str choices: no-auth-no-priv, auth-no-priv, auth-priv
- source_ip - Source IP for SNMP trap. type: str
- source_ipv6 - Source IPv6 for SNMP trap. type: str
- status - Enable/disable this SNMP user. type: str choices: enable, disable
- trap_lport - SNMPv3 local trap port . type: int
- trap_rport - SNMPv3 trap remote port . type: int
- trap_status - Enable/disable traps for this SNMP user. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SNMP user configuration.
fortios_system_snmp_user:
vdom: "{{ vdom }}"
state: "present"
system_snmp_user:
auth_proto: "md5"
auth_pwd: "<your_own_value>"
events: "cpu-high"
ha_direct: "enable"
name: "default_name_7"
notify_hosts: "<your_own_value>"
notify_hosts6: "<your_own_value>"
priv_proto: "aes"
priv_pwd: "<your_own_value>"
queries: "enable"
query_port: "13"
security_level: "no-auth-no-priv"
source_ip: "84.230.14.43"
source_ipv6: "<your_own_value>"
status: "enable"
trap_lport: "18"
trap_rport: "19"
trap_status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_storage – Configure logical storage in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and storage category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_storage - Configure logical storage. type: dict
- device - Partition device. type: str
- media_status - The physical status of current media. type: str choices: enable, disable, fail
- name - Storage name. type: str required: True
- order - Set storage order. type: int
- partition - Label of underlying partition. type: str
- size - Partition size. type: int
- status - Enable/disable storage. type: str choices: enable, disable
- usage - Use hard disk for logging or WAN Optimization . type: str choices: log, wanopt
- wanopt_mode - WAN Optimization mode . type: str choices: mix, wanopt, webcache
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure logical storage.
fortios_system_storage:
vdom: "{{ vdom }}"
state: "present"
system_storage:
device: "<your_own_value>"
media_status: "enable"
name: "default_name_5"
order: "6"
partition: "<your_own_value>"
size: "8"
status: "enable"
usage: "log"
wanopt_mode: "mix"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_stp – Configure Spanning Tree Protocol (STP) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and stp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_stp - Configure Spanning Tree Protocol (STP). type: dict
- config_revision - STP configuration revision (0 - 4294967295). type: int
- forward_delay - Forward delay (4 - 30 sec). type: int
- hello_time - Hello time (1 - 10 sec). type: int
- max_age - Maximum packet age (6 - 40 sec). type: int
- max_hops - Maximum number of hops (1 - 40). type: int
- region_name - Set region name. type: str
- status - Enable/disable STP settings. type: str
- switch_priority - STP switch priority; the lower the number the higher the priority (select from 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, and 57344). type: str choices: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Spanning Tree Protocol (STP).
fortios_system_stp:
vdom: "{{ vdom }}"
system_stp:
config_revision: "3"
forward_delay: "4"
hello_time: "5"
max_age: "6"
max_hops: "7"
region_name: "<your_own_value>"
status: "<your_own_value>"
switch_priority: "0"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_switch_interface – Configure software switch interfaces by grouping physical and WiFi interfaces in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and switch_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_switch_interface - Configure software switch interfaces by grouping physical and WiFi interfaces. type: dict
- intra_switch_policy - Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces. type: str choices: implicit, explicit
- member - Names of the interfaces that belong to the virtual switch. type: list
- interface_name - Physical interface name. Source system.interface.name. type: str
- name - Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links). type: str required: True
- span - Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port. type: str choices: disable, enable
- span_dest_port - SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port. Source system.interface.name. type: str
- span_direction - The direction in which the SPAN port operates, either: rx, tx, or both. type: str choices: rx, tx, both
- span_source_port - Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port. type: list
- interface_name - Physical interface name. Source system.interface.name. type: str
- type - Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members. type: str choices: switch, hub
- vdom - VDOM that the software switch belongs to. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure software switch interfaces by grouping physical and WiFi interfaces.
fortios_system_switch_interface:
vdom: "{{ vdom }}"
state: "present"
system_switch_interface:
intra_switch_policy: "implicit"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
name: "default_name_6"
span: "disable"
span_dest_port: "<your_own_value> (source system.interface.name)"
span_direction: "rx"
span_source_port:
-
interface_name: "<your_own_value> (source system.interface.name)"
type: "switch"
vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_tos_based_priority – Configure Type of Service (ToS) based priority table to set network traffic priorities in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and tos_based_priority category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_tos_based_priority - Configure Type of Service (ToS) based priority table to set network traffic priorities. type: dict
- id - Item ID. type: int required: True
- priority - ToS based priority level to low, medium or high (these priorities match firewall traffic shaping priorities) . type: str choices: low, medium, high
- tos - Value of the ToS byte in the IP datagram header (0-15, 8: minimize delay, 4: maximize throughput, 2: maximize reliability, 1: minimize monetary cost, and 0: ). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Type of Service (ToS) based priority table to set network traffic priorities.
fortios_system_tos_based_priority:
vdom: "{{ vdom }}"
state: "present"
system_tos_based_priority:
id: "3"
priority: "low"
tos: "5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom – Configure virtual domain in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- system_vdom - Configure virtual domain. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - VDOM name. type: str required: True
- short_name - VDOM short name. type: str
- temporary - Temporary. type: int
- vcluster_id - Virtual cluster ID (0 - 4294967295). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual domain.
fortios_system_vdom:
vdom: "{{ vdom }}"
state: "present"
system_vdom:
name: "default_name_3"
short_name: "<your_own_value>"
temporary: "5"
vcluster_id: "6"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_dns – Configure DNS servers for a non-management VDOM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_dns category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_vdom_dns - Configure DNS servers for a non-management VDOM. type: dict
- ip6_primary - Primary IPv6 DNS server IP address for the VDOM. type: str
- ip6_secondary - Secondary IPv6 DNS server IP address for the VDOM. type: str
- primary - Primary DNS server IP address for the VDOM. type: str
- secondary - Secondary DNS server IP address for the VDOM. type: str
- source_ip - Source IP for communications with the DNS server. type: str
- vdom_dns - Enable/disable configuring DNS servers for the current VDOM. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure DNS servers for a non-management VDOM.
fortios_system_vdom_dns:
vdom: "{{ vdom }}"
system_vdom_dns:
ip6_primary: "<your_own_value>"
ip6_secondary: "<your_own_value>"
primary: "<your_own_value>"
secondary: "<your_own_value>"
source_ip: "84.230.14.43"
vdom_dns: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_exception – Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_exception category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_vdom_exception - Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope. type: dict
- id - Index <1-4096>. type: int required: True
- object - Name of the configuration object that can be configured independently for all VDOMs. type: str choices: log.fortianalyzer.setting, log.fortianalyzer.override-setting
- oid - Object ID. type: int
- scope - Determine whether the configuration object can be configured separately for all VDOMs or if some VDOMs share the same configuration. type: str choices: all, inclusive, exclusive
- vdom - Names of the VDOMs. type: list
- name - VDOM name. Source system.vdom.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Global configuration objects that can be configured independently for all VDOMs or for the defined VDOM scope.
fortios_system_vdom_exception:
vdom: "{{ vdom }}"
state: "present"
system_vdom_exception:
id: "3"
object: "log.fortianalyzer.setting"
oid: "5"
scope: "all"
vdom:
-
name: "default_name_8 (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_link – Configure VDOM links in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_link category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_vdom_link - Configure VDOM links. type: dict
- name - VDOM link name (maximum = 8 characters). type: str required: True
- type - VDOM link type: PPP or Ethernet. type: str choices: ppp, ethernet
- vcluster - Virtual cluster. type: str choices: vcluster1, vcluster2
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VDOM links.
fortios_system_vdom_link:
vdom: "{{ vdom }}"
state: "present"
system_vdom_link:
name: "default_name_3"
type: "ppp"
vcluster: "vcluster1"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_netflow – Configure NetFlow per VDOM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_netflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_vdom_netflow - Configure NetFlow per VDOM. type: dict
- collector_ip - NetFlow collector IP address. type: str
- collector_port - NetFlow collector port number. type: int
- source_ip - Source IP address for communication with the NetFlow agent. type: str
- vdom_netflow - Enable/disable NetFlow per VDOM. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure NetFlow per VDOM.
fortios_system_vdom_netflow:
vdom: "{{ vdom }}"
system_vdom_netflow:
collector_ip: "<your_own_value>"
collector_port: "4"
source_ip: "84.230.14.43"
vdom_netflow: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_property – Configure VDOM property in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_property category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_vdom_property - Configure VDOM property. type: dict
- custom_service - Maximum guaranteed number of firewall custom services. type: str
- description - Description. type: str
- dialup_tunnel - Maximum guaranteed number of dial-up tunnels. type: str
- firewall_address - Maximum guaranteed number of firewall addresses (IPv4, IPv6, multicast). type: str
- firewall_addrgrp - Maximum guaranteed number of firewall address groups (IPv4, IPv6). type: str
- firewall_policy - Maximum guaranteed number of firewall policies (IPv4, IPv6, policy46, policy64, DoS-policy4, DoS-policy6, multicast). type: str
- ipsec_phase1 - Maximum guaranteed number of VPN IPsec phase 1 tunnels. type: str
- ipsec_phase1_interface - Maximum guaranteed number of VPN IPsec phase1 interface tunnels. type: str
- ipsec_phase2 - Maximum guaranteed number of VPN IPsec phase 2 tunnels. type: str
- ipsec_phase2_interface - Maximum guaranteed number of VPN IPsec phase2 interface tunnels. type: str
- log_disk_quota - Log disk quota in MB (range depends on how much disk space is available). type: str
- name - VDOM name. Source system.vdom.name. type: str required: True
- onetime_schedule - Maximum guaranteed number of firewall one-time schedules. type: str
- proxy - Maximum guaranteed number of concurrent proxy users. type: str
- recurring_schedule - Maximum guaranteed number of firewall recurring schedules. type: str
- service_group - Maximum guaranteed number of firewall service groups. type: str
- session - Maximum guaranteed number of sessions. type: str
- snmp_index - Permanent SNMP Index of the virtual domain (0 - 4294967295). type: int
- sslvpn - Maximum guaranteed number of SSL-VPNs. type: str
- user - Maximum guaranteed number of local users. type: str
- user_group - Maximum guaranteed number of user groups. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VDOM property.
fortios_system_vdom_property:
vdom: "{{ vdom }}"
state: "present"
system_vdom_property:
custom_service: "<your_own_value>"
description: "<your_own_value>"
dialup_tunnel: "<your_own_value>"
firewall_address: "<your_own_value>"
firewall_addrgrp: "<your_own_value>"
firewall_policy: "<your_own_value>"
ipsec_phase1: "<your_own_value>"
ipsec_phase1_interface: "<your_own_value>"
ipsec_phase2: "<your_own_value>"
ipsec_phase2_interface: "<your_own_value>"
log_disk_quota: "<your_own_value>"
name: "default_name_14 (source system.vdom.name)"
onetime_schedule: "<your_own_value>"
proxy: "<your_own_value>"
recurring_schedule: "<your_own_value>"
service_group: "<your_own_value>"
session: "<your_own_value>"
snmp_index: "20"
sslvpn: "<your_own_value>"
user: "<your_own_value>"
user_group: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_radius_server – Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_radius_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_vdom_radius_server - Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM. type: dict
- name - Name of the VDOM that you are adding the RADIUS server to. Source system.vdom.name. type: str required: True
- radius_server_vdom - Use this option to select another VDOM containing a VDOM RSSO RADIUS server to use for the current VDOM. Source system.vdom.name. type: str
- status - Enable/disable the RSSO RADIUS server for this VDOM. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure a RADIUS server to use as a RADIUS Single Sign On (RSSO) server for this VDOM.
fortios_system_vdom_radius_server:
vdom: "{{ vdom }}"
state: "present"
system_vdom_radius_server:
name: "default_name_3 (source system.vdom.name)"
radius_server_vdom: "<your_own_value> (source system.vdom.name)"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vdom_sflow – Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an sFlow collector in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vdom_sflow category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_vdom_sflow - Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an sFlow collector. type: dict
- collector_ip - IP address of the sFlow collector that sFlow agents added to interfaces in this VDOM send sFlow datagrams to . type: str
- collector_port - UDP port number used for sending sFlow datagrams (configure only if required by your sFlow collector or your network configuration) (0 - 65535). type: int
- source_ip - Source IP address for sFlow agent. type: str
- vdom_sflow - Enable/disable the sFlow configuration for the current VDOM. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure sFlow per VDOM to add or change the IP address and UDP port that FortiGate sFlow agents in this VDOM use to send sFlow datagrams to an
sFlow collector.
fortios_system_vdom_sflow:
vdom: "{{ vdom }}"
system_vdom_sflow:
collector_ip: "<your_own_value>"
collector_port: "4"
source_ip: "84.230.14.43"
vdom_sflow: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_virtual_switch – Configure virtual hardware switch interfaces in Fortinet’s FortiOS and FortiGate.¶
New in version 2.10.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_switch category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_virtual_switch - Configure virtual hardware switch interfaces. type: dict
- name - Name of the virtual switch. type: str required: True
- physical_switch - Physical switch parent. Source system.physical-switch.name. type: str
- port - Configure member ports. type: list
- alias - Alias. type: str
- name - Physical interface name. type: str required: True
- speed - Interface speed. type: str choices: auto, 10full, 10half, 100full, 100half, 1000full, 1000half, 1000auto
- status - Interface status. type: str choices: up, down
- span - Enable/disable SPAN. type: str choices: disable, enable
- span_dest_port - SPAN destination port. type: str
- span_direction - SPAN direction. type: str choices: rx, tx, both
- span_source_port - SPAN source ports. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual hardware switch interfaces.
fortios_system_virtual_switch:
vdom: "{{ vdom }}"
state: "present"
system_virtual_switch:
name: "default_name_3"
physical_switch: "<your_own_value> (source system.physical-switch.name)"
port:
-
alias: "<your_own_value>"
name: "default_name_7"
speed: "auto"
status: "up"
span: "disable"
span_dest_port: "<your_own_value>"
span_direction: "rx"
span_source_port: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_virtual_wan_link – Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_wan_link category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_virtual_wan_link - Configure redundant internet connections using SD-WAN (formerly virtual WAN link). type: dict
- fail_alert_interfaces - Physical interfaces that will be alerted. type: list
- name - Physical interface name. Source system.interface.name. type: str required: True
- fail_detect - Enable/disable SD-WAN Internet connection status checking (failure detection). type: str choices: enable, disable
- health_check - SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it. type: list
- addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6
- failtime - Number of failures before server is considered lost (1 - 3600). type: int
- http_agent - String in the http-agent field in the HTTP header. type: str
- http_get - URL used to communicate with the server if the protocol if the protocol is HTTP. type: str
- http_match - Response string expected from the server if the protocol is HTTP. type: str
- interval - Status check interval, or the time between attempting to connect to the server (1 - 3600 sec). type: int
- members - Member sequence number list. type: list
- seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
- name - Status check or health check name. type: str required: True
- packet_size - Packet size of a twamp test session, type: int
- password - Twamp controller password in authentication mode type: str
- port - Port number used to communicate with the server over the selected protocol. type: int
- protocol - Protocol used to determine if the FortiGate can communicate with the server. type: str choices: ping, tcp-echo, udp-echo, http, twamp, ping6
- recoverytime - Number of successful responses received before server is considered recovered (1 - 3600). type: int
- security_mode - Twamp controller security mode. type: str choices: none, authentication
- server - IP address or FQDN name of the server. type: str
- sla - Service level agreement (SLA). type: list
- id - SLA ID. type: int required: True
- jitter_threshold - Jitter for SLA to make decision in milliseconds. (0 - 10000000). type: int
- latency_threshold - Latency for SLA to make decision in milliseconds. (0 - 10000000). type: int
- link_cost_factor - Criteria on which to base link selection. type: str choices: latency, jitter, packet-loss
- packetloss_threshold - Packet loss for SLA to make decision in percentage. (0 - 100). type: int
- threshold_alert_jitter - Alert threshold for jitter (ms). type: int
- threshold_alert_latency - Alert threshold for latency (ms). type: int
- threshold_alert_packetloss - Alert threshold for packet loss (percentage). type: int
- threshold_warning_jitter - Warning threshold for jitter (ms). type: int
- threshold_warning_latency - Warning threshold for latency (ms). type: int
- threshold_warning_packetloss - Warning threshold for packet loss (percentage). type: int
- update_cascade_interface - Enable/disable update cascade interface. type: str choices: enable, disable
- update_static_route - Enable/disable updating the static route. type: str choices: enable, disable
- load_balance_mode - Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. type: str choices: source-ip-based, weight-based, usage-based, source-dest-ip-based, measured-volume-based
- members - Physical FortiGate interfaces added to the virtual-wan-link. type: list
- comment - Comments. type: str
- gateway - The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to. type: str
- gateway6 - IPv6 gateway. type: str
- ingress_spillover_threshold - Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int
- interface - Interface name. Source system.interface.name. type: str
- priority - Priority of the interface (0 - 4294967295). Used for SD-WAN rules or priority rules. type: int
- seq_num - Sequence number(1-255). type: int
- source - Source IP address used in the health-check packet to the server. type: str
- source6 - Source IPv6 address used in the health-check packet to the server. type: str
- spillover_threshold - Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN. type: int
- status - Enable/disable this interface in the SD-WAN. type: str choices: disable, enable
- volume_ratio - Measured volume ratio (this value / sum of all values = percentage of link volume, 0 - 255). type: int
- weight - Weight of this interface for weighted load balancing. (0 - 255) More traffic is directed to interfaces with higher weights. type: int
- service - Create SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN. type: list
- addr_mode - Address mode (IPv4 or IPv6). type: str choices: ipv4, ipv6
- bandwidth_weight - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. type: int
- default - Enable/disable use of SD-WAN as default service. type: str choices: enable, disable
- dscp_forward - Enable/disable forward traffic DSCP tag. type: str choices: enable, disable
- dscp_forward_tag - Forward traffic DSCP tag. type: str
- dscp_reverse - Enable/disable reverse traffic DSCP tag. type: str choices: enable, disable
- dscp_reverse_tag - Reverse traffic DSCP tag. type: str
- dst - Destination address name. type: list
- name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- dst_negate - Enable/disable negation of destination address match. type: str choices: enable, disable
- dst6 - Destination address6 name. type: list
- name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- end_port - End destination port number. type: int
- gateway - Enable/disable SD-WAN service gateway. type: str choices: enable, disable
- groups - User groups. type: list
- name - Group name. Source user.group.name. type: str required: True
- health_check - Health check. Source system.virtual-wan-link.health-check.name. type: str
- hold_down_time - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000). type: int
- id - Priority rule ID (1 - 4000). type: int required: True
- input_device - Source interface name. type: list
- name - Interface name. Source system.interface.name. type: str required: True
- internet_service - Enable/disable use of Internet service for application-based load balancing. type: str choices: enable, disable
- internet_service_ctrl - Control-based Internet Service ID list. type: list
- id - Control-based Internet Service ID. type: int required: True
- internet_service_ctrl_group - Control-based Internet Service group list. type: list
- name - Control-based Internet Service group name. Source application.group.name. type: str required: True
- internet_service_custom - Custom Internet service name list. type: list
- name - Custom Internet service name. Source firewall.internet-service-custom.name. type: str required: True
- internet_service_custom_group - Custom Internet Service group list. type: list
- name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str required: True
- internet_service_group - Internet Service group list. type: list
- name - Internet Service group name. Source firewall.internet-service-group.name. type: str required: True
- internet_service_id - Internet service ID list. type: list
- id - Internet service ID. Source firewall.internet-service.id. type: int required: True
- jitter_weight - Coefficient of jitter in the formula of custom-profile-1. type: int
- latency_weight - Coefficient of latency in the formula of custom-profile-1. type: int
- link_cost_factor - Link cost factor. type: str choices: latency, jitter, packet-loss, inbandwidth, outbandwidth, bibandwidth, custom-profile-1
- link_cost_threshold - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000). type: int
- member - Member sequence number. type: int
- mode - Control how the priority rule sets the priority of interfaces in the SD-WAN. type: str choices: auto, manual, priority, sla
- name - Priority rule name. type: str
- packet_loss_weight - Coefficient of packet-loss in the formula of custom-profile-1. type: int
- priority_members - Member sequence number list. type: list
- seq_num - Member sequence number. Source system.virtual-wan-link.members.seq-num. type: int
- protocol - Protocol number. type: int
- quality_link - Quality grade. type: int
- route_tag - IPv4 route map route-tag. type: int
- sla - Service level agreement (SLA). type: list
- health_check - Virtual WAN Link health-check. Source system.virtual-wan-link.health-check.name. type: str
- id - SLA ID. type: int
- src - Source address name. type: list
- name - Address or address group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- src_negate - Enable/disable negation of source address match. type: str choices: enable, disable
- src6 - Source address6 name. type: list
- name - Address6 or address6 group name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- start_port - Start destination port number. type: int
- status - Enable/disable SD-WAN service. type: str choices: enable, disable
- tos - Type of service bit pattern. type: str
- tos_mask - Type of service evaluated bits. type: str
- users - User name. type: list
- name - User name. Source user.local.name. type: str required: True
- status - Enable/disable SD-WAN. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure redundant internet connections using SD-WAN (formerly virtual WAN link).
fortios_system_virtual_wan_link:
vdom: "{{ vdom }}"
system_virtual_wan_link:
fail_alert_interfaces:
-
name: "default_name_4 (source system.interface.name)"
fail_detect: "enable"
health_check:
-
addr_mode: "ipv4"
failtime: "8"
http_agent: "<your_own_value>"
http_get: "<your_own_value>"
http_match: "<your_own_value>"
interval: "12"
members:
-
seq_num: "14 (source system.virtual-wan-link.members.seq-num)"
name: "default_name_15"
packet_size: "16"
password: "<your_own_value>"
port: "18"
protocol: "ping"
recoverytime: "20"
security_mode: "none"
server: "192.168.100.40"
sla:
-
id: "24"
jitter_threshold: "25"
latency_threshold: "26"
link_cost_factor: "latency"
packetloss_threshold: "28"
threshold_alert_jitter: "29"
threshold_alert_latency: "30"
threshold_alert_packetloss: "31"
threshold_warning_jitter: "32"
threshold_warning_latency: "33"
threshold_warning_packetloss: "34"
update_cascade_interface: "enable"
update_static_route: "enable"
load_balance_mode: "source-ip-based"
members:
-
comment: "Comments."
gateway: "<your_own_value>"
gateway6: "<your_own_value>"
ingress_spillover_threshold: "42"
interface: "<your_own_value> (source system.interface.name)"
priority: "44"
seq_num: "45"
source: "<your_own_value>"
source6: "<your_own_value>"
spillover_threshold: "48"
status: "disable"
volume_ratio: "50"
weight: "51"
service:
-
addr_mode: "ipv4"
bandwidth_weight: "54"
default: "enable"
dscp_forward: "enable"
dscp_forward_tag: "<your_own_value>"
dscp_reverse: "enable"
dscp_reverse_tag: "<your_own_value>"
dst:
-
name: "default_name_61 (source firewall.address.name firewall.addrgrp.name)"
dst_negate: "enable"
dst6:
-
name: "default_name_64 (source firewall.address6.name firewall.addrgrp6.name)"
end_port: "65"
gateway: "enable"
groups:
-
name: "default_name_68 (source user.group.name)"
health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
hold_down_time: "70"
id: "71"
input_device:
-
name: "default_name_73 (source system.interface.name)"
internet_service: "enable"
internet_service_ctrl:
-
id: "76"
internet_service_ctrl_group:
-
name: "default_name_78 (source application.group.name)"
internet_service_custom:
-
name: "default_name_80 (source firewall.internet-service-custom.name)"
internet_service_custom_group:
-
name: "default_name_82 (source firewall.internet-service-custom-group.name)"
internet_service_group:
-
name: "default_name_84 (source firewall.internet-service-group.name)"
internet_service_id:
-
id: "86 (source firewall.internet-service.id)"
jitter_weight: "87"
latency_weight: "88"
link_cost_factor: "latency"
link_cost_threshold: "90"
member: "91"
mode: "auto"
name: "default_name_93"
packet_loss_weight: "94"
priority_members:
-
seq_num: "96 (source system.virtual-wan-link.members.seq-num)"
protocol: "97"
quality_link: "98"
route_tag: "99"
sla:
-
health_check: "<your_own_value> (source system.virtual-wan-link.health-check.name)"
id: "102"
src:
-
name: "default_name_104 (source firewall.address.name firewall.addrgrp.name)"
src_negate: "enable"
src6:
-
name: "default_name_107 (source firewall.address6.name firewall.addrgrp6.name)"
start_port: "108"
status: "enable"
tos: "<your_own_value>"
tos_mask: "<your_own_value>"
users:
-
name: "default_name_113 (source user.local.name)"
status: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_virtual_wire_pair – Configure virtual wire pairs in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and virtual_wire_pair category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_virtual_wire_pair - Configure virtual wire pairs. type: dict
- member - Interfaces belong to the virtual-wire-pair. type: list
- interface_name - Interface name. Source system.interface.name. type: str
- name - Virtual-wire-pair name. Must be a unique interface name. type: str required: True
- vlan_filter - Set VLAN filters. type: str
- wildcard_vlan - Enable/disable wildcard VLAN. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual wire pairs.
fortios_system_virtual_wire_pair:
vdom: "{{ vdom }}"
state: "present"
system_virtual_wire_pair:
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
name: "default_name_5"
vlan_filter: "<your_own_value>"
wildcard_vlan: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vmlicense – Update VM license using uploaded file. Reboots immediately if successful in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vmlicense category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- system_vmlicense - Update VM license using uploaded file. Reboots immediately if successful. type: dict
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: no
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 80
license_file: ./FGVMXXXXXX-VM00.lic
license_file_content: "{{ lookup( 'file', license_file) }}"
encoded_license: "{{ license_file_content | string | b64encode }}"
tasks:
- name: Update VM license using uploaded file. Reboots immediately if successful.
fortios_system_vmlicense:
vdom: "{{ vdom }}"
system_vmlicense:
file_content: "{{ encoded_license }}"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: POST
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: vmlicense
- path - Path of the table used to fulfill the request returned: always type: str sample: system
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_vxlan – Configure VXLAN devices in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and vxlan category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_vxlan - Configure VXLAN devices. type: dict
- dstport - VXLAN destination port (1 - 65535). type: int
- interface - Outgoing interface for VXLAN encapsulated traffic. Source system.interface.name. type: str
- ip_version - IP version to use for the VXLAN interface and so for communication over the VXLAN. IPv4 or IPv6 unicast or multicast. type: str choices: ipv4-unicast, ipv6-unicast, ipv4-multicast, ipv6-multicast
- multicast_ttl - VXLAN multicast TTL (1-255). type: int
- name - VXLAN device or interface name. Must be a unique interface name. type: str required: True
- remote_ip - IPv4 address of the VXLAN interface on the device at the remote end of the VXLAN. type: list
- ip - IPv4 address. type: str required: True
- remote_ip6 - IPv6 IP address of the VXLAN interface on the device at the remote end of the VXLAN. type: list
- ip6 - IPv6 address. type: str required: True
- vni - VXLAN network ID. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VXLAN devices.
fortios_system_vxlan:
vdom: "{{ vdom }}"
state: "present"
system_vxlan:
dstport: "3"
interface: "<your_own_value> (source system.interface.name)"
ip_version: "ipv4-unicast"
multicast_ttl: "6"
name: "default_name_7"
remote_ip:
-
ip: "<your_own_value>"
remote_ip6:
-
ip6: "<your_own_value>"
vni: "12"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_wccp – Configure WCCP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and wccp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_wccp - Configure WCCP. type: dict
- assignment_bucket_format - Assignment bucket format for the WCCP cache engine. type: str choices: wccp-v2, cisco-implementation
- assignment_dstaddr_mask - Assignment destination address mask. type: str
- assignment_method - Hash key assignment preference. type: str choices: HASH, MASK, any
- assignment_srcaddr_mask - Assignment source address mask. type: str
- assignment_weight - Assignment of hash weight/ratio for the WCCP cache engine. type: int
- authentication - Enable/disable MD5 authentication. type: str choices: enable, disable
- cache_engine_method - Method used to forward traffic to the routers or to return to the cache engine. type: str choices: GRE, L2
- cache_id - IP address known to all routers. If the addresses are the same, use the default 0.0.0.0. type: str
- forward_method - Method used to forward traffic to the cache servers. type: str choices: GRE, L2, any
- group_address - IP multicast address used by the cache routers. For the FortiGate to ignore multicast WCCP traffic, use the default 0.0.0.0. type: str
- password - Password for MD5 authentication. type: str
- ports - Service ports. type: str
- ports_defined - Match method. type: str choices: source, destination
- primary_hash - Hash method. type: str choices: src-ip, dst-ip, src-port, dst-port
- priority - Service priority. type: int
- protocol - Service protocol. type: int
- return_method - Method used to decline a redirected packet and return it to the FortiGate. type: str choices: GRE, L2, any
- router_id - IP address known to all cache engines. If all cache engines connect to the same FortiGate interface, use the default 0.0.0.0. type: str
- router_list - IP addresses of one or more WCCP routers. type: str
- server_list - IP addresses and netmasks for up to four cache servers. type: str
- server_type - Cache server type. type: str choices: forward, proxy
- service_id - Service ID. type: str
- service_type - WCCP service type used by the cache server for logical interception and redirection of traffic. type: str choices: auto, standard, dynamic
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WCCP.
fortios_system_wccp:
vdom: "{{ vdom }}"
state: "present"
system_wccp:
assignment_bucket_format: "wccp-v2"
assignment_dstaddr_mask: "<your_own_value>"
assignment_method: "HASH"
assignment_srcaddr_mask: "<your_own_value>"
assignment_weight: "7"
authentication: "enable"
cache_engine_method: "GRE"
cache_id: "<your_own_value>"
forward_method: "GRE"
group_address: "<your_own_value>"
password: "<your_own_value>"
ports: "<your_own_value>"
ports_defined: "source"
primary_hash: "src-ip"
priority: "17"
protocol: "18"
return_method: "GRE"
router_id: "<your_own_value>"
router_list: "<your_own_value>"
server_list: "<your_own_value>"
server_type: "forward"
service_id: "<your_own_value>"
service_type: "auto"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_system_zone – Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in the zone in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and zone category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- system_zone - Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in the zone. type: dict
- interface - Add interfaces to this zone. Interfaces must not be assigned to another zone or have firewall policies defined. type: list
- interface_name - Select two or more interfaces to add to the zone. Source system.interface.name. type: str
- intrazone - Allow or deny traffic routing between different interfaces in the same zone . type: str choices: allow, deny
- name - Zone name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure zones to group two or more interfaces. When a zone is created you can configure policies for the zone instead of individual interfaces in
the zone.
fortios_system_zone:
vdom: "{{ vdom }}"
state: "present"
system_zone:
interface:
-
interface_name: "<your_own_value> (source system.interface.name)"
intrazone: "allow"
name: "default_name_6"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_9"
tags:
-
name: "default_name_11 (source system.object-tagging.tags.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_adgrp – Configure FSSO groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and adgrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- user_adgrp - Configure FSSO groups. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- name - Name. type: str required: True
- server_name - FSSO agent name. Source user.fsso.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FSSO groups.
fortios_user_adgrp:
vdom: "{{ vdom }}"
state: "present"
user_adgrp:
name: "default_name_3"
server_name: "<your_own_value> (source user.fsso.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_device – Configure devices in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_device - Configure devices. type: dict
- alias - Device alias. type: str required: True
- avatar - Image file for avatar (maximum 4K base64 encoded). type: str
- category - Device category. type: str choices: none, amazon-device, android-device, blackberry-device, fortinet-device, ios-device, windows-device
- comment - Comment. type: str
- mac - Device MAC address. type: str
- master_device - Master device (optional). Source user.device.alias. type: str
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
- type - Device type. type: str choices: unknown, android-phone, android-tablet, blackberry-phone, blackberry-playbook, forticam, fortifone, fortinet-device, gaming-console, ip-phone, ipad, iphone, linux-pc, mac, media-streaming, printer, router-nat-device, windows-pc, windows-phone, windows-tablet, other-network-device
- user - User name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure devices.
fortios_user_device:
vdom: "{{ vdom }}"
state: "present"
user_device:
alias: "<your_own_value>"
avatar: "<your_own_value>"
category: "none"
comment: "Comment."
mac: "<your_own_value>"
master_device: "<your_own_value> (source user.device.alias)"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_11"
tags:
-
name: "default_name_13 (source system.object-tagging.tags.name)"
type: "unknown"
user: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_device_access_list – Configure device access control lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_access_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_device_access_list - Configure device access control lists. type: dict
- default_action - Accept or deny unknown/unspecified devices. type: str choices: accept, deny
- device_list - Device list. type: list
- action - Allow or block device. type: str choices: accept, deny
- device - Firewall device or device group. Source user.device.alias user.device-group.name user.device-category.name. type: str
- id - Entry ID. type: int required: True
- name - Device access list name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure device access control lists.
fortios_user_device_access_list:
vdom: "{{ vdom }}"
state: "present"
user_device_access_list:
default_action: "accept"
device_list:
-
action: "accept"
device: "<your_own_value> (source user.device.alias user.device-group.name user.device-category.name)"
id: "7"
name: "default_name_8"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_device_category – Configure device categories in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_category category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_device_category - Configure device categories. type: dict
- comment - Comment. type: str
- desc - Device category description. type: str
- name - Device category name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure device categories.
fortios_user_device_category:
vdom: "{{ vdom }}"
state: "present"
user_device_category:
comment: "Comment."
desc: "<your_own_value>"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_device_group – Configure device groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and device_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_device_group - Configure device groups. type: dict
- comment - Comment. type: str
- member - Device group member. type: list
- name - Device name. Source user.device.alias user.device-category.name. type: str required: True
- name - Device group name. type: str required: True
- tagging - Config object tagging. type: list
- category - Tag category. Source system.object-tagging.category. type: str
- name - Tagging entry name. type: str required: True
- tags - Tags. type: list
- name - Tag name. Source system.object-tagging.tags.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure device groups.
fortios_user_device_group:
vdom: "{{ vdom }}"
state: "present"
user_device_group:
comment: "Comment."
member:
-
name: "default_name_5 (source user.device.alias user.device-category.name)"
name: "default_name_6"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_9"
tags:
-
name: "default_name_11 (source system.object-tagging.tags.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_domain_controller – Configure domain controller entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and domain_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_domain_controller - Configure domain controller entries. type: dict
- domain_name - Domain DNS name. type: str
- ip_address - Domain controller IP address. type: str
- ldap_server - LDAP server name. Source user.ldap.name. type: str
- name - Domain controller entry name. type: str required: True
- port - Port to be used for communication with the domain controller . type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure domain controller entries.
fortios_user_domain_controller:
vdom: "{{ vdom }}"
state: "present"
user_domain_controller:
domain_name: "<your_own_value>"
ip_address: "<your_own_value>"
ldap_server: "<your_own_value> (source user.ldap.name)"
name: "default_name_6"
port: "7"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_fortitoken – Configure FortiToken in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fortitoken category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_fortitoken - Configure FortiToken. type: dict
- activation_code - Mobile token user activation-code. type: str
- activation_expire - Mobile token user activation-code expire time. type: int
- comments - Comment. type: str
- license - Mobile token license. type: str
- os_ver - Device Mobile Version. type: str
- reg_id - Device Reg ID. type: str
- seed - Token seed. type: str
- serial_number - Serial number. type: str
- status - Status type: str choices: active, lock
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiToken.
fortios_user_fortitoken:
vdom: "{{ vdom }}"
state: "present"
user_fortitoken:
activation_code: "<your_own_value>"
activation_expire: "4"
comments: "<your_own_value>"
license: "<your_own_value>"
os_ver: "<your_own_value>"
reg_id: "<your_own_value>"
seed: "<your_own_value>"
serial_number: "<your_own_value>"
status: "active"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_fsso – Configure Fortinet Single Sign On (FSSO) agents in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fsso category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_fsso - Configure Fortinet Single Sign On (FSSO) agents. type: dict
- ldap_server - LDAP server to get group information. Source user.ldap.name. type: str
- name - Name. type: str required: True
- password - Password of the first FSSO collector agent. type: str
- password2 - Password of the second FSSO collector agent. type: str
- password3 - Password of the third FSSO collector agent. type: str
- password4 - Password of the fourth FSSO collector agent. type: str
- password5 - Password of the fifth FSSO collector agent. type: str
- port - Port of the first FSSO collector agent. type: int
- port2 - Port of the second FSSO collector agent. type: int
- port3 - Port of the third FSSO collector agent. type: int
- port4 - Port of the fourth FSSO collector agent. type: int
- port5 - Port of the fifth FSSO collector agent. type: int
- server - Domain name or IP address of the first FSSO collector agent. type: str
- server2 - Domain name or IP address of the second FSSO collector agent. type: str
- server3 - Domain name or IP address of the third FSSO collector agent. type: str
- server4 - Domain name or IP address of the fourth FSSO collector agent. type: str
- server5 - Domain name or IP address of the fifth FSSO collector agent. type: str
- source_ip - Source IP for communications to FSSO agent. type: str
- source_ip6 - IPv6 source for communications to FSSO agent. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Fortinet Single Sign On (FSSO) agents.
fortios_user_fsso:
vdom: "{{ vdom }}"
state: "present"
user_fsso:
ldap_server: "<your_own_value> (source user.ldap.name)"
name: "default_name_4"
password: "<your_own_value>"
password2: "<your_own_value>"
password3: "<your_own_value>"
password4: "<your_own_value>"
password5: "<your_own_value>"
port: "10"
port2: "11"
port3: "12"
port4: "13"
port5: "14"
server: "192.168.100.40"
server2: "<your_own_value>"
server3: "<your_own_value>"
server4: "<your_own_value>"
server5: "<your_own_value>"
source_ip: "84.230.14.43"
source_ip6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_fsso_polling – Configure FSSO active directory servers for polling mode in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and fsso_polling category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_fsso_polling - Configure FSSO active directory servers for polling mode. type: dict
- adgrp - LDAP Group Info. type: list
- name - Name. type: str required: True
- default_domain - Default domain managed by this Active Directory server. type: str
- id - Active Directory server ID. type: int required: True
- ldap_server - LDAP server name used in LDAP connection strings. Source user.ldap.name. type: str
- logon_history - Number of hours of logon history to keep, 0 means keep all history. type: int
- password - Password required to log into this Active Directory server type: str
- polling_frequency - Polling frequency (every 1 to 30 seconds). type: int
- port - Port to communicate with this Active Directory server. type: int
- server - Host name or IP address of the Active Directory server. type: str
- status - Enable/disable polling for the status of this Active Directory server. type: str choices: enable, disable
- user - User name required to log into this Active Directory server. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FSSO active directory servers for polling mode.
fortios_user_fsso_polling:
vdom: "{{ vdom }}"
state: "present"
user_fsso_polling:
adgrp:
-
name: "default_name_4"
default_domain: "<your_own_value>"
id: "6"
ldap_server: "<your_own_value> (source user.ldap.name)"
logon_history: "8"
password: "<your_own_value>"
polling_frequency: "10"
port: "11"
server: "192.168.100.40"
status: "enable"
user: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_group – Configure user groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_group - Configure user groups. type: dict
- auth_concurrent_override - Enable/disable overriding the global number of concurrent authentication sessions for this user group. type: str choices: enable, disable
- auth_concurrent_value - Maximum number of concurrent authenticated connections per user (0 - 100). type: int
- authtimeout - Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. type: int
- company - Set the action for the company guest user field. type: str choices: optional, mandatory, disabled
- email - Enable/disable the guest user email address field. type: str choices: disable, enable
- expire - Time in seconds before guest user accounts expire. (1 - 31536000 sec) type: int
- expire_type - Determine when the expiration countdown begins. type: str choices: immediately, first-successful-login
- group_type - Set the group to be for firewall authentication, FSSO, RSSO, or guest users. type: str choices: firewall, fsso-service, rsso, guest
- guest - Guest User. type: list
- comment - Comment. type: str
- company - Set the action for the company guest user field. type: str
- email - Email. type: str
- expiration - Expire time. type: str
- mobile_phone - Mobile phone. type: str
- name - Guest name. type: str
- password - Guest password. type: str
- sponsor - Set the action for the sponsor guest user field. type: str
- user_id - Guest ID. type: str
- http_digest_realm - Realm attribute for MD5-digest authentication. type: str
- id - Group ID. type: int
- match - Group matches. type: list
- group_name - Name of matching group on remote authentication server. type: str
- id - ID. type: int required: True
- server_name - Name of remote auth server. Source user.radius.name user.ldap.name user.tacacs+.name. type: str
- max_accounts - Maximum number of guest accounts that can be created for this group (0 means unlimited). type: int
- member - Names of users, peers, LDAP severs, or RADIUS servers to add to the user group. type: list
- name - Group member name. Source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user .pop3.name. type: str required: True
- mobile_phone - Enable/disable the guest user mobile phone number field. type: str choices: disable, enable
- multiple_guest_add - Enable/disable addition of multiple guests. type: str choices: disable, enable
- name - Group name. type: str required: True
- password - Guest user password type. type: str choices: auto-generate, specify, disable
- sms_custom_server - SMS server. Source system.sms-server.name. type: str
- sms_server - Send SMS through FortiGuard or other external server. type: str choices: fortiguard, custom
- sponsor - Set the action for the sponsor guest user field. type: str choices: optional, mandatory, disabled
- sso_attribute_value - Name of the RADIUS user group that this local user group represents. type: str
- user_id - Guest user ID type. type: str choices: email, auto-generate, specify
- user_name - Enable/disable the guest user name entry. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user groups.
fortios_user_group:
vdom: "{{ vdom }}"
state: "present"
user_group:
auth_concurrent_override: "enable"
auth_concurrent_value: "4"
authtimeout: "5"
company: "optional"
email: "disable"
expire: "8"
expire_type: "immediately"
group_type: "firewall"
guest:
-
comment: "Comment."
company: "<your_own_value>"
email: "<your_own_value>"
expiration: "<your_own_value>"
mobile_phone: "<your_own_value>"
name: "default_name_17"
password: "<your_own_value>"
sponsor: "<your_own_value>"
user_id: "<your_own_value>"
http_digest_realm: "<your_own_value>"
id: "22"
match:
-
group_name: "<your_own_value>"
id: "25"
server_name: "<your_own_value> (source user.radius.name user.ldap.name user.tacacs+.name)"
max_accounts: "27"
member:
-
name: "default_name_29 (source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user.pop3.name)"
mobile_phone: "disable"
multiple_guest_add: "disable"
name: "default_name_32"
password: "auto-generate"
sms_custom_server: "<your_own_value> (source system.sms-server.name)"
sms_server: "fortiguard"
sponsor: "optional"
sso_attribute_value: "<your_own_value>"
user_id: "email"
user_name: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_krb_keytab – Configure Kerberos keytab entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and krb_keytab category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_krb_keytab - Configure Kerberos keytab entries. type: dict
- keytab - base64 coded keytab file containing a pre-shared key. type: str
- ldap_server - LDAP server name. Source user.ldap.name. type: str
- name - Kerberos keytab entry name. type: str required: True
- principal - Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Kerberos keytab entries.
fortios_user_krb_keytab:
vdom: "{{ vdom }}"
state: "present"
user_krb_keytab:
keytab: "<your_own_value>"
ldap_server: "<your_own_value> (source user.ldap.name)"
name: "default_name_5"
principal: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_ldap – Configure LDAP server entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and ldap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_ldap - Configure LDAP server entries. type: dict
- account_key_filter - Account key filter, using the UPN as the search filter. type: str
- account_key_processing - Account key processing operation, either keep or strip domain string of UPN in the token. type: str choices: same, strip
- ca_cert - CA certificate name. Source vpn.certificate.ca.name. type: str
- cnid - Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn". type: str
- dn - Distinguished name used to look up entries on the LDAP server. type: str
- group_filter - Filter used for group matching. type: str
- group_member_check - Group member checking methods. type: str choices: user-attr, group-object, posix-group-object
- group_object_filter - Filter used for group searching. type: str
- group_search_base - Search base used for group searching. type: str
- member_attr - Name of attribute from which to get group membership. type: str
- name - LDAP server entry name. type: str required: True
- password - Password for initial binding. type: str
- password_expiry_warning - Enable/disable password expiry warnings. type: str choices: enable, disable
- password_renewal - Enable/disable online password renewal. type: str choices: enable, disable
- port - Port to be used for communication with the LDAP server . type: int
- secondary_server - Secondary LDAP server CN domain name or IP. type: str
- secure - Port to be used for authentication. type: str choices: disable, starttls, ldaps
- server - LDAP server CN domain name or IP. type: str
- server_identity_check - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). type: str choices: enable, disable
- source_ip - Source IP for communications to LDAP server. type: str
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- tertiary_server - Tertiary LDAP server CN domain name or IP. type: str
- type - Authentication type for LDAP searches. type: str choices: simple, anonymous, regular
- username - Username (full DN) for initial binding. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure LDAP server entries.
fortios_user_ldap:
vdom: "{{ vdom }}"
state: "present"
user_ldap:
account_key_filter: "<your_own_value>"
account_key_processing: "same"
ca_cert: "<your_own_value> (source vpn.certificate.ca.name)"
cnid: "<your_own_value>"
dn: "<your_own_value>"
group_filter: "<your_own_value>"
group_member_check: "user-attr"
group_object_filter: "<your_own_value>"
group_search_base: "<your_own_value>"
member_attr: "<your_own_value>"
name: "default_name_13"
password: "<your_own_value>"
password_expiry_warning: "enable"
password_renewal: "enable"
port: "17"
secondary_server: "<your_own_value>"
secure: "disable"
server: "192.168.100.40"
server_identity_check: "enable"
source_ip: "84.230.14.43"
ssl_min_proto_version: "default"
tertiary_server: "<your_own_value>"
type: "simple"
username: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_local – Configure local users in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_local - Configure local users. type: dict
- auth_concurrent_override - Enable/disable overriding the policy-auth-concurrent under config system global. type: str choices: enable, disable
- auth_concurrent_value - Maximum number of concurrent logins permitted from the same user. type: int
- authtimeout - Time in minutes before the authentication timeout for a user is reached. type: int
- email_to - Two-factor recipient"s email address. type: str
- fortitoken - Two-factor recipient"s FortiToken serial number. Source user.fortitoken.serial-number. type: str
- id - User ID. type: int
- ldap_server - Name of LDAP server with which the user must authenticate. Source user.ldap.name. type: str
- name - User name. type: str required: True
- passwd - User"s password. type: str
- passwd_policy - Password policy to apply to this user, as defined in config user password-policy. Source user.password-policy.name. type: str
- passwd_time - Time of the last password update. type: str
- ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str
- ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str
- radius_server - Name of RADIUS server with which the user must authenticate. Source user.radius.name. type: str
- sms_custom_server - Two-factor recipient"s SMS server. Source system.sms-server.name. type: str
- sms_phone - Two-factor recipient"s mobile phone number. type: str
- sms_server - Send SMS through FortiGuard or other external server. type: str choices: fortiguard, custom
- status - Enable/disable allowing the local user to authenticate with the FortiGate unit. type: str choices: enable, disable
- tacacs+_server - Name of TACACS+ server with which the user must authenticate. Source user.tacacs+.name. type: str
- two_factor - Enable/disable two-factor authentication. type: str choices: disable, fortitoken, email, sms
- type - Authentication method. type: str choices: password, radius, tacacs+, ldap
- workstation - Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure local users.
fortios_user_local:
vdom: "{{ vdom }}"
state: "present"
user_local:
auth_concurrent_override: "enable"
auth_concurrent_value: "4"
authtimeout: "5"
email_to: "<your_own_value>"
fortitoken: "<your_own_value> (source user.fortitoken.serial-number)"
id: "8"
ldap_server: "<your_own_value> (source user.ldap.name)"
name: "default_name_10"
passwd: "<your_own_value>"
passwd_policy: "<your_own_value> (source user.password-policy.name)"
passwd_time: "<your_own_value>"
ppk_identity: "<your_own_value>"
ppk_secret: "<your_own_value>"
radius_server: "<your_own_value> (source user.radius.name)"
sms_custom_server: "<your_own_value> (source system.sms-server.name)"
sms_phone: "<your_own_value>"
sms_server: "fortiguard"
status: "enable"
tacacs+_server: "<your_own_value> (source user.tacacs+.name)"
two_factor: "disable"
type: "password"
workstation: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_password_policy – Configure user password policy in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and password_policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_password_policy - Configure user password policy. type: dict
- expire_days - Time in days before the user"s password expires. type: int
- name - Password policy name. type: str required: True
- warn_days - Time in days before a password expiration warning message is displayed to the user upon login. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user password policy.
fortios_user_password_policy:
vdom: "{{ vdom }}"
state: "present"
user_password_policy:
expire_days: "3"
name: "default_name_4"
warn_days: "5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_peer – Configure peer users in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and peer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_peer - Configure peer users. type: dict
- ca - Name of the CA certificate as returned by the execute vpn certificate ca list command. Source vpn.certificate.ca.name. type: str
- cn - Peer certificate common name. type: str
- cn_type - Peer certificate common name type. type: str choices: string, email, FQDN, ipv4, ipv6
- ldap_mode - Mode for LDAP peer authentication. type: str choices: password, principal-name
- ldap_password - Password for LDAP server bind. type: str
- ldap_server - Name of an LDAP server defined under the user ldap command. Performs client access rights check. Source user.ldap.name. type: str
- ldap_username - Username for LDAP server bind. type: str
- mandatory_ca_verify - Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid. type: str choices: enable, disable
- name - Peer name. type: str required: True
- ocsp_override_server - Online Certificate Status Protocol (OCSP) server for certificate retrieval. Source vpn.certificate.ocsp-server.name. type: str
- passwd - Peer"s password used for two-factor authentication. type: str
- subject - Peer certificate name constraints. type: str
- two_factor - Enable/disable two-factor authentication, applying certificate and password-based authentication. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure peer users.
fortios_user_peer:
vdom: "{{ vdom }}"
state: "present"
user_peer:
ca: "<your_own_value> (source vpn.certificate.ca.name)"
cn: "<your_own_value>"
cn_type: "string"
ldap_mode: "password"
ldap_password: "<your_own_value>"
ldap_server: "<your_own_value> (source user.ldap.name)"
ldap_username: "<your_own_value>"
mandatory_ca_verify: "enable"
name: "default_name_11"
ocsp_override_server: "<your_own_value> (source vpn.certificate.ocsp-server.name)"
passwd: "<your_own_value>"
subject: "<your_own_value>"
two_factor: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_peergrp – Configure peer groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and peergrp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_peergrp - Configure peer groups. type: dict
- member - Peer group members. type: list
- name - Peer group member name. Source user.peer.name. type: str required: True
- name - Peer group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure peer groups.
fortios_user_peergrp:
vdom: "{{ vdom }}"
state: "present"
user_peergrp:
member:
-
name: "default_name_4 (source user.peer.name)"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_pop3 – POP3 server entry configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and pop3 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_pop3 - POP3 server entry configuration. type: dict
- name - POP3 server entry name. type: str required: True
- port - POP3 service port number. type: int
- secure - SSL connection. type: str choices: none, starttls, pop3s
- server - {
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: POP3 server entry configuration.
fortios_user_pop3:
vdom: "{{ vdom }}"
state: "present"
user_pop3:
name: "default_name_3"
port: "4"
secure: "none"
server: "192.168.100.40"
ssl_min_proto_version: "default"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_quarantine – Configure quarantine support in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and quarantine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- user_quarantine - Configure quarantine support. type: dict
- quarantine - Enable/disable quarantine. type: str choices: enable, disable
- targets - Quarantine entry to hold multiple MACs. type: list
- description - Description for the quarantine entry. type: str
- entry - Quarantine entry name. type: str required: True
- macs - Quarantine MACs. type: list
- description - Description for the quarantine MAC. type: str
- entry_id - FSW entry id for the quarantine MAC. type: int
- mac - Quarantine MAC. type: str required: True
- parent - Parent entry name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure quarantine support.
fortios_user_quarantine:
vdom: "{{ vdom }}"
user_quarantine:
quarantine: "enable"
targets:
-
description: "<your_own_value>"
entry: "<your_own_value>"
macs:
-
description: "<your_own_value>"
entry_id: "9"
mac: "<your_own_value>"
parent: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_radius – Configure RADIUS server entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and radius category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- user_radius - Configure RADIUS server entries. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- accounting_server - Additional accounting servers. type: list
- id - ID (0 - 4294967295). type: int required: True
- port - RADIUS accounting port number. type: int
- secret - Secret key. type: str
- server - {
- source_ip - Source IP address for communications to the RADIUS server. type: str
- status - Status. type: str choices: enable, disable
- acct_all_servers - Enable/disable sending of accounting messages to all configured servers . type: str choices: enable, disable
- acct_interim_interval - Time in seconds between each accounting interim update message. type: int
- all_usergroup - Enable/disable automatically including this RADIUS server in all user groups. type: str choices: disable, enable
- auth_type - Authentication methods/protocols permitted for this RADIUS server. type: str choices: auto, ms_chap_v2, ms_chap, chap, pap
- class - Class attribute name(s). type: list
- name - Class name. type: str required: True
- h3c_compatibility - Enable/disable compatibility with the H3C, a mechanism that performs security checking for authentication. type: str choices: enable, disable
- name - RADIUS server entry name. type: str required: True
- nas_ip - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. type: str
- password_encoding - Password encoding. type: str choices: auto, ISO-8859-1
- password_renewal - Enable/disable password renewal. type: str choices: enable, disable
- radius_coa - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. type: str choices: enable, disable
- radius_port - RADIUS service port number. type: int
- rsso - Enable/disable RADIUS based single sign on feature. type: str choices: enable, disable
- rsso_context_timeout - Time in seconds before the logged out user is removed from the "user context list" of logged on users. type: int
- rsso_endpoint_attribute - RADIUS attributes used to extract the user end point identifer from the RADIUS Start record. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id
- rsso_endpoint_block_attribute - RADIUS attributes used to block a user. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id
- rsso_ep_one_ip_only - Enable/disable the replacement of old IP addresses with new ones for the same endpoint on RADIUS accounting Start messages. type: str choices: enable, disable
- rsso_flush_ip_session - Enable/disable flushing user IP sessions on RADIUS accounting Stop messages. type: str choices: enable, disable
- rsso_log_flags - Events to log. type: str choices: protocol-error, profile-missing, accounting-stop-missed, accounting-event, endpoint-block, radiusd-other, none
- rsso_log_period - Time interval in seconds that group event log messages will be generated for dynamic profile events. type: int
- rsso_radius_response - Enable/disable sending RADIUS response packets after receiving Start and Stop records. type: str choices: enable, disable
- rsso_radius_server_port - UDP port to listen on for RADIUS Start and Stop records. type: int
- rsso_secret - RADIUS secret used by the RADIUS accounting server. type: str
- rsso_validate_request_secret - Enable/disable validating the RADIUS request shared secret in the Start or End record. type: str choices: enable, disable
- secondary_secret - Secret key to access the secondary server. type: str
- secondary_server - {
- secret - Pre-shared secret key used to access the primary RADIUS server. type: str
- server - Primary RADIUS server CN domain name or IP address. type: str
- source_ip - Source IP address for communications to the RADIUS server. type: str
- sso_attribute - RADIUS attribute that contains the profile group name to be extracted from the RADIUS Start record. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id
- sso_attribute_key - Key prefix for SSO group value in the SSO attribute. type: str
- sso_attribute_value_override - Enable/disable override old attribute value with new value for the same endpoint. type: str choices: enable, disable
- tertiary_secret - Secret key to access the tertiary server. type: str
- tertiary_server - {
- timeout - Time in seconds between re-sending authentication requests. type: int
- use_management_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable
- username_case_sensitive - Enable/disable case sensitive user names. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure RADIUS server entries.
fortios_user_radius:
vdom: "{{ vdom }}"
state: "present"
user_radius:
accounting_server:
-
id: "4"
port: "5"
secret: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
status: "enable"
acct_all_servers: "enable"
acct_interim_interval: "11"
all_usergroup: "disable"
auth_type: "auto"
class:
-
name: "default_name_15"
h3c_compatibility: "enable"
name: "default_name_17"
nas_ip: "<your_own_value>"
password_encoding: "auto"
password_renewal: "enable"
radius_coa: "enable"
radius_port: "22"
rsso: "enable"
rsso_context_timeout: "24"
rsso_endpoint_attribute: "User-Name"
rsso_endpoint_block_attribute: "User-Name"
rsso_ep_one_ip_only: "enable"
rsso_flush_ip_session: "enable"
rsso_log_flags: "protocol-error"
rsso_log_period: "30"
rsso_radius_response: "enable"
rsso_radius_server_port: "32"
rsso_secret: "<your_own_value>"
rsso_validate_request_secret: "enable"
secondary_secret: "<your_own_value>"
secondary_server: "<your_own_value>"
secret: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
sso_attribute: "User-Name"
sso_attribute_key: "<your_own_value>"
sso_attribute_value_override: "enable"
tertiary_secret: "<your_own_value>"
tertiary_server: "<your_own_value>"
timeout: "45"
use_management_vdom: "enable"
username_case_sensitive: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_security_exempt_list – Configure security exemption list in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and security_exempt_list category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- user_security_exempt_list - Configure security exemption list. type: dict
- description - Description. type: str
- name - Name of the exempt list. type: str required: True
- rule - Configure rules for exempting users from captive portal authentication. type: list
- devices - Devices or device groups. type: list
- name - Device or group name. Source user.device.alias user.device-group.name user.device-category.name. type: str required: True
- dstaddr - Destination addresses or address groups. type: list
- name - Address or group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- id - ID. type: int required: True
- service - Destination services. type: list
- name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str required: True
- srcaddr - Source addresses or address groups. type: list
- name - Address or group name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure security exemption list.
fortios_user_security_exempt_list:
vdom: "{{ vdom }}"
state: "present"
user_security_exempt_list:
description: "<your_own_value>"
name: "default_name_4"
rule:
-
devices:
-
name: "default_name_7 (source user.device.alias user.device-group.name user.device-category.name)"
dstaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
id: "10"
service:
-
name: "default_name_12 (source firewall.service.custom.name firewall.service.group.name)"
srcaddr:
-
name: "default_name_14 (source firewall.address.name firewall.addrgrp.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_setting – Configure user authentication setting in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- user_setting - Configure user authentication setting. type: dict
- auth_blackout_time - Time in seconds an IP address is denied access after failing to authenticate five times within one minute. type: int
- auth_ca_cert - HTTPS CA certificate for policy authentication. Source vpn.certificate.local.name. type: str
- auth_cert - HTTPS server certificate for policy authentication. Source vpn.certificate.local.name. type: str
- auth_http_basic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. type: str choices: enable, disable
- auth_invalid_max - Maximum number of failed authentication attempts before the user is blocked. type: int
- auth_lockout_duration - Lockout period in seconds after too many login failures. type: int
- auth_lockout_threshold - Maximum number of failed login attempts before login lockout is triggered. type: int
- auth_portal_timeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min). type: int
- auth_ports - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. type: list
- id - ID. type: int required: True
- port - Non-standard port for firewall user authentication. type: int
- type - Service type. type: str choices: http, https, ftp, telnet
- auth_secure_http - Enable/disable redirecting HTTP user authentication to more secure HTTPS. type: str choices: enable, disable
- auth_src_mac - Enable/disable source MAC for user identity. type: str choices: enable, disable
- auth_ssl_allow_renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. type: str choices: enable, disable
- auth_timeout - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. type: int
- auth_timeout_type - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. type: str choices: idle-timeout, hard-timeout, new-session
- auth_type - Supported firewall policy authentication protocols/methods. type: str choices: http, https, ftp, telnet
- radius_ses_timeout_act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. type: str choices: hard-timeout, ignore-timeout
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure user authentication setting.
fortios_user_setting:
vdom: "{{ vdom }}"
user_setting:
auth_blackout_time: "3"
auth_ca_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_http_basic: "enable"
auth_invalid_max: "7"
auth_lockout_duration: "8"
auth_lockout_threshold: "9"
auth_portal_timeout: "10"
auth_ports:
-
id: "12"
port: "13"
type: "http"
auth_secure_http: "enable"
auth_src_mac: "enable"
auth_ssl_allow_renegotiation: "enable"
auth_timeout: "18"
auth_timeout_type: "idle-timeout"
auth_type: "http"
radius_ses_timeout_act: "hard-timeout"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_user_tacacsplus – Configure TACACS+ server entries in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and tacacsplus category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- user_tacacsplus - Configure TACACS+ server entries. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- authen_type - Allowed authentication protocols/methods. type: str choices: mschap, chap, pap, ascii, auto
- authorization - Enable/disable TACACS+ authorization. type: str choices: enable, disable
- key - Key to access the primary server. type: str
- name - TACACS+ server entry name. type: str required: True
- port - Port number of the TACACS+ server. type: int
- secondary_key - Key to access the secondary server. type: str
- secondary_server - Secondary TACACS+ server CN domain name or IP address. type: str
- server - Primary TACACS+ server CN domain name or IP address. type: str
- source_ip - source IP for communications to TACACS+ server. type: str
- tertiary_key - Key to access the tertiary server. type: str
- tertiary_server - Tertiary TACACS+ server CN domain name or IP address. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure TACACS+ server entries.
fortios_user_tacacsplus:
vdom: "{{ vdom }}"
state: "present"
user_tacacsplus:
authen_type: "mschap"
authorization: "enable"
key: "<your_own_value>"
name: "default_name_6"
port: "7"
secondary_key: "<your_own_value>"
secondary_server: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
tertiary_key: "<your_own_value>"
tertiary_server: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_voip_profile – Configure VoIP profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- voip_profile - Configure VoIP profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Comment. type: str
- name - Profile name. type: str required: True
- sccp - SCCP. type: dict
- block_mcast - Enable/disable block multicast RTP connections. type: str choices: disable, enable
- log_call_summary - Enable/disable log summary of SCCP calls. type: str choices: disable, enable
- log_violations - Enable/disable logging of SCCP violations. type: str choices: disable, enable
- max_calls - Maximum calls per minute per SCCP client (max 65535). type: int
- status - Enable/disable SCCP. type: str choices: disable, enable
- verify_header - Enable/disable verify SCCP header content. type: str choices: disable, enable
- sip - SIP. type: dict
- ack_rate - ACK request rate limit (per second, per policy). type: int
- block_ack - Enable/disable block ACK requests. type: str choices: disable, enable
- block_bye - Enable/disable block BYE requests. type: str choices: disable, enable
- block_cancel - Enable/disable block CANCEL requests. type: str choices: disable, enable
- block_geo_red_options - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. type: str choices: disable, enable
- block_info - Enable/disable block INFO requests. type: str choices: disable, enable
- block_invite - Enable/disable block INVITE requests. type: str choices: disable, enable
- block_long_lines - Enable/disable block requests with headers exceeding max-line-length. type: str choices: disable, enable
- block_message - Enable/disable block MESSAGE requests. type: str choices: disable, enable
- block_notify - Enable/disable block NOTIFY requests. type: str choices: disable, enable
- block_options - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. type: str choices: disable, enable
- block_prack - Enable/disable block prack requests. type: str choices: disable, enable
- block_publish - Enable/disable block PUBLISH requests. type: str choices: disable, enable
- block_refer - Enable/disable block REFER requests. type: str choices: disable, enable
- block_register - Enable/disable block REGISTER requests. type: str choices: disable, enable
- block_subscribe - Enable/disable block SUBSCRIBE requests. type: str choices: disable, enable
- block_unknown - Block unrecognized SIP requests (enabled by default). type: str choices: disable, enable
- block_update - Enable/disable block UPDATE requests. type: str choices: disable, enable
- bye_rate - BYE request rate limit (per second, per policy). type: int
- call_keepalive - Continue tracking calls with no RTP for this many minutes. type: int
- cancel_rate - CANCEL request rate limit (per second, per policy). type: int
- contact_fixup - Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port. type: str choices: disable, enable
- hnt_restrict_source_ip - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. type: str choices: disable, enable
- hosted_nat_traversal - Hosted NAT Traversal (HNT). type: str choices: disable, enable
- info_rate - INFO request rate limit (per second, per policy). type: int
- invite_rate - INVITE request rate limit (per second, per policy). type: int
- ips_rtp - Enable/disable allow IPS on RTP. type: str choices: disable, enable
- log_call_summary - Enable/disable logging of SIP call summary. type: str choices: disable, enable
- log_violations - Enable/disable logging of SIP violations. type: str choices: disable, enable
- malformed_header_allow - Action for malformed Allow header. type: str choices: discard, pass, respond
- malformed_header_call_id - Action for malformed Call-ID header. type: str choices: discard, pass, respond
- malformed_header_contact - Action for malformed Contact header. type: str choices: discard, pass, respond
- malformed_header_content_length - Action for malformed Content-Length header. type: str choices: discard, pass, respond
- malformed_header_content_type - Action for malformed Content-Type header. type: str choices: discard, pass, respond
- malformed_header_cseq - Action for malformed CSeq header. type: str choices: discard, pass, respond
- malformed_header_expires - Action for malformed Expires header. type: str choices: discard, pass, respond
- malformed_header_from - Action for malformed From header. type: str choices: discard, pass, respond
- malformed_header_max_forwards - Action for malformed Max-Forwards header. type: str choices: discard, pass, respond
- malformed_header_p_asserted_identity - Action for malformed P-Asserted-Identity header. type: str choices: discard, pass, respond
- malformed_header_rack - Action for malformed RAck header. type: str choices: discard, pass, respond
- malformed_header_record_route - Action for malformed Record-Route header. type: str choices: discard, pass, respond
- malformed_header_route - Action for malformed Route header. type: str choices: discard, pass, respond
- malformed_header_rseq - Action for malformed RSeq header. type: str choices: discard, pass, respond
- malformed_header_sdp_a - Action for malformed SDP a line. type: str choices: discard, pass, respond
- malformed_header_sdp_b - Action for malformed SDP b line. type: str choices: discard, pass, respond
- malformed_header_sdp_c - Action for malformed SDP c line. type: str choices: discard, pass, respond
- malformed_header_sdp_i - Action for malformed SDP i line. type: str choices: discard, pass, respond
- malformed_header_sdp_k - Action for malformed SDP k line. type: str choices: discard, pass, respond
- malformed_header_sdp_m - Action for malformed SDP m line. type: str choices: discard, pass, respond
- malformed_header_sdp_o - Action for malformed SDP o line. type: str choices: discard, pass, respond
- malformed_header_sdp_r - Action for malformed SDP r line. type: str choices: discard, pass, respond
- malformed_header_sdp_s - Action for malformed SDP s line. type: str choices: discard, pass, respond
- malformed_header_sdp_t - Action for malformed SDP t line. type: str choices: discard, pass, respond
- malformed_header_sdp_v - Action for malformed SDP v line. type: str choices: discard, pass, respond
- malformed_header_sdp_z - Action for malformed SDP z line. type: str choices: discard, pass, respond
- malformed_header_to - Action for malformed To header. type: str choices: discard, pass, respond
- malformed_header_via - Action for malformed VIA header. type: str choices: discard, pass, respond
- malformed_request_line - Action for malformed request line. type: str choices: discard, pass, respond
- max_body_length - Maximum SIP message body length (0 meaning no limit). type: int
- max_dialogs - Maximum number of concurrent calls/dialogs (per policy). type: int
- max_idle_dialogs - Maximum number established but idle dialogs to retain (per policy). type: int
- max_line_length - Maximum SIP header line length (78-4096). type: int
- message_rate - MESSAGE request rate limit (per second, per policy). type: int
- nat_trace - Enable/disable preservation of original IP in SDP i line. type: str choices: disable, enable
- no_sdp_fixup - Enable/disable no SDP fix-up. type: str choices: disable, enable
- notify_rate - NOTIFY request rate limit (per second, per policy). type: int
- open_contact_pinhole - Enable/disable open pinhole for non-REGISTER Contact port. type: str choices: disable, enable
- open_record_route_pinhole - Enable/disable open pinhole for Record-Route port. type: str choices: disable, enable
- open_register_pinhole - Enable/disable open pinhole for REGISTER Contact port. type: str choices: disable, enable
- open_via_pinhole - Enable/disable open pinhole for Via port. type: str choices: disable, enable
- options_rate - OPTIONS request rate limit (per second, per policy). type: int
- prack_rate - PRACK request rate limit (per second, per policy). type: int
- preserve_override - Override i line to preserve original IPS . type: str choices: disable, enable
- provisional_invite_expiry_time - Expiry time for provisional INVITE (10 - 3600 sec). type: int
- publish_rate - PUBLISH request rate limit (per second, per policy). type: int
- refer_rate - REFER request rate limit (per second, per policy). type: int
- register_contact_trace - Enable/disable trace original IP/port within the contact header of REGISTER requests. type: str choices: disable, enable
- register_rate - REGISTER request rate limit (per second, per policy). type: int
- rfc2543_branch - Enable/disable support via branch compliant with RFC 2543. type: str choices: disable, enable
- rtp - Enable/disable create pinholes for RTP traffic to traverse firewall. type: str choices: disable, enable
- ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low
- ssl_auth_client - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str
- ssl_auth_server - Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str
- ssl_client_certificate - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. type: str
- ssl_client_renegotiation - Allow/block client renegotiation by server. type: str choices: allow, deny, secure
- ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
- ssl_mode - SSL/TLS mode for encryption & decryption of traffic. type: str choices: False, full
- ssl_pfs - SSL Perfect Forward Secrecy. type: str choices: require, deny, allow
- ssl_send_empty_frags - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). type: str choices: enable, disable
- ssl_server_certificate - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. type: str
- status - Enable/disable SIP. type: str choices: disable, enable
- strict_register - Enable/disable only allow the registrar to connect. type: str choices: disable, enable
- subscribe_rate - SUBSCRIBE request rate limit (per second, per policy). type: int
- unknown_header - Action for unknown SIP header. type: str choices: discard, pass, respond
- update_rate - UPDATE request rate limit (per second, per policy). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VoIP profiles.
fortios_voip_profile:
vdom: "{{ vdom }}"
state: "present"
voip_profile:
comment: "Comment."
name: "default_name_4"
sccp:
block_mcast: "disable"
log_call_summary: "disable"
log_violations: "disable"
max_calls: "9"
status: "disable"
verify_header: "disable"
sip:
ack_rate: "13"
block_ack: "disable"
block_bye: "disable"
block_cancel: "disable"
block_geo_red_options: "disable"
block_info: "disable"
block_invite: "disable"
block_long_lines: "disable"
block_message: "disable"
block_notify: "disable"
block_options: "disable"
block_prack: "disable"
block_publish: "disable"
block_refer: "disable"
block_register: "disable"
block_subscribe: "disable"
block_unknown: "disable"
block_update: "disable"
bye_rate: "31"
call_keepalive: "32"
cancel_rate: "33"
contact_fixup: "disable"
hnt_restrict_source_ip: "disable"
hosted_nat_traversal: "disable"
info_rate: "37"
invite_rate: "38"
ips_rtp: "disable"
log_call_summary: "disable"
log_violations: "disable"
malformed_header_allow: "discard"
malformed_header_call_id: "discard"
malformed_header_contact: "discard"
malformed_header_content_length: "discard"
malformed_header_content_type: "discard"
malformed_header_cseq: "discard"
malformed_header_expires: "discard"
malformed_header_from: "discard"
malformed_header_max_forwards: "discard"
malformed_header_p_asserted_identity: "discard"
malformed_header_rack: "discard"
malformed_header_record_route: "discard"
malformed_header_route: "discard"
malformed_header_rseq: "discard"
malformed_header_sdp_a: "discard"
malformed_header_sdp_b: "discard"
malformed_header_sdp_c: "discard"
malformed_header_sdp_i: "discard"
malformed_header_sdp_k: "discard"
malformed_header_sdp_m: "discard"
malformed_header_sdp_o: "discard"
malformed_header_sdp_r: "discard"
malformed_header_sdp_s: "discard"
malformed_header_sdp_t: "discard"
malformed_header_sdp_v: "discard"
malformed_header_sdp_z: "discard"
malformed_header_to: "discard"
malformed_header_via: "discard"
malformed_request_line: "discard"
max_body_length: "71"
max_dialogs: "72"
max_idle_dialogs: "73"
max_line_length: "74"
message_rate: "75"
nat_trace: "disable"
no_sdp_fixup: "disable"
notify_rate: "78"
open_contact_pinhole: "disable"
open_record_route_pinhole: "disable"
open_register_pinhole: "disable"
open_via_pinhole: "disable"
options_rate: "83"
prack_rate: "84"
preserve_override: "disable"
provisional_invite_expiry_time: "86"
publish_rate: "87"
refer_rate: "88"
register_contact_trace: "disable"
register_rate: "90"
rfc2543_branch: "disable"
rtp: "disable"
ssl_algorithm: "high"
ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl_client_renegotiation: "allow"
ssl_max_version: "ssl-3.0"
ssl_min_version: "ssl-3.0"
ssl_mode: "off"
ssl_pfs: "require"
ssl_send_empty_frags: "enable"
ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
status: "disable"
strict_register: "disable"
subscribe_rate: "106"
unknown_header: "discard"
update_rate: "108"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_ca – CA certificate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and ca category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_certificate_ca - CA certificate. type: dict
- auto_update_days - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). type: int
- auto_update_days_warning - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). type: int
- ca - CA certificate as a PEM file. type: str
- last_updated - Time at which CA was last updated. type: int
- name - Name. type: str required: True
- range - Either global or VDOM IP address range for the CA certificate. type: str choices: global, vdom
- scep_url - URL of the SCEP server. type: str
- source - CA certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to the SCEP server. type: str
- trusted - Enable/disable as a trusted CA. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: CA certificate.
fortios_vpn_certificate_ca:
vdom: "{{ vdom }}"
state: "present"
vpn_certificate_ca:
auto_update_days: "3"
auto_update_days_warning: "4"
ca: "<your_own_value>"
last_updated: "6"
name: "default_name_7"
range: "global"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
trusted: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_crl – Certificate Revocation List as a PEM file in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and crl category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_certificate_crl - Certificate Revocation List as a PEM file. type: dict
- crl - Certificate Revocation List as a PEM file. type: str
- http_url - HTTP server URL for CRL auto-update. type: str
- last_updated - Time at which CRL was last updated. type: int
- ldap_password - LDAP server user password. type: str
- ldap_server - LDAP server name for CRL auto-update. type: str
- ldap_username - LDAP server user name. type: str
- name - Name. type: str required: True
- range - Either global or VDOM IP address range for the certificate. type: str choices: global, vdom
- scep_cert - Local certificate for SCEP communication for CRL auto-update. Source vpn.certificate.local.name. type: str
- scep_url - SCEP server URL for CRL auto-update. type: str
- source - Certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to a HTTP or SCEP CA server. type: str
- update_interval - Time in seconds before the FortiGate checks for an updated CRL. Set to 0 to update only when it expires. type: int
- update_vdom - VDOM for CRL update. Source system.vdom.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Certificate Revocation List as a PEM file.
fortios_vpn_certificate_crl:
vdom: "{{ vdom }}"
state: "present"
vpn_certificate_crl:
crl: "<your_own_value>"
http_url: "<your_own_value>"
last_updated: "5"
ldap_password: "<your_own_value>"
ldap_server: "<your_own_value>"
ldap_username: "<your_own_value>"
name: "default_name_9"
range: "global"
scep_cert: "<your_own_value> (source vpn.certificate.local.name)"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
update_interval: "15"
update_vdom: "<your_own_value> (source system.vdom.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_local – Local keys and certificates in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and local category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_certificate_local - Local keys and certificates. type: dict
- auto_regenerate_days - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled). type: int
- auto_regenerate_days_warning - Number of days to wait before an expiry warning message is generated (0 = disabled). type: int
- ca_identifier - CA identifier of the CA server for signing via SCEP. type: str
- certificate - PEM format certificate. type: str
- cmp_path - Path location inside CMP server. type: str
- cmp_regeneration_method - CMP auto-regeneration method. type: str choices: keyupate, renewal
- cmp_server - "ADDRESS:PORT" for CMP server. type: str
- cmp_server_cert - CMP server certificate. Source vpn.certificate.ca.name. type: str
- comments - Comment. type: str
- csr - Certificate Signing Request. type: str
- enroll_protocol - Certificate enrollment protocol. type: str choices: none, scep, cmpv2
- ike_localid - Local ID the FortiGate uses for authentication as a VPN client. type: str
- ike_localid_type - IKE local ID type. type: str choices: asn1dn, fqdn
- last_updated - Time at which certificate was last updated. type: int
- name - Name. type: str required: True
- name_encoding - Name encoding method for auto-regeneration. type: str choices: printable, utf8
- password - Password as a PEM file. type: str
- private_key - PEM format key, encrypted with a password. type: str
- range - Either a global or VDOM IP address range for the certificate. type: str choices: global, vdom
- scep_password - SCEP server challenge password for auto-regeneration. type: str
- scep_url - SCEP server URL. type: str
- source - Certificate source type. type: str choices: factory, user, bundle
- source_ip - Source IP address for communications to the SCEP server. type: str
- state - Certificate Signing Request State. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Local keys and certificates.
fortios_vpn_certificate_local:
vdom: "{{ vdom }}"
state: "present"
vpn_certificate_local:
auto_regenerate_days: "3"
auto_regenerate_days_warning: "4"
ca_identifier: "myId_5"
certificate: "<your_own_value>"
cmp_path: "<your_own_value>"
cmp_regeneration_method: "keyupate"
cmp_server: "<your_own_value>"
cmp_server_cert: "<your_own_value> (source vpn.certificate.ca.name)"
comments: "<your_own_value>"
csr: "<your_own_value>"
enroll_protocol: "none"
ike_localid: "<your_own_value>"
ike_localid_type: "asn1dn"
last_updated: "16"
name: "default_name_17"
name_encoding: "printable"
password: "<your_own_value>"
private_key: "<your_own_value>"
range: "global"
scep_password: "<your_own_value>"
scep_url: "<your_own_value>"
source: "factory"
source_ip: "84.230.14.43"
state: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_ocsp_server – OCSP server configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and ocsp_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_certificate_ocsp_server - OCSP server configuration. type: dict
- cert - OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. type: str
- name - OCSP server entry name. type: str required: True
- secondary_cert - Secondary OCSP server certificate. Source vpn.certificate.remote.name vpn.certificate.ca.name. type: str
- secondary_url - Secondary OCSP server URL. type: str
- source_ip - Source IP address for communications to the OCSP server. type: str
- unavail_action - Action when server is unavailable (revoke the certificate or ignore the result of the check). type: str choices: revoke, ignore
- url - OCSP server URL. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: OCSP server configuration.
fortios_vpn_certificate_ocsp_server:
vdom: "{{ vdom }}"
state: "present"
vpn_certificate_ocsp_server:
cert: "<your_own_value> (source vpn.certificate.remote.name vpn.certificate.ca.name)"
name: "default_name_4"
secondary_cert: "<your_own_value> (source vpn.certificate.remote.name vpn.certificate.ca.name)"
secondary_url: "<your_own_value>"
source_ip: "84.230.14.43"
unavail_action: "revoke"
url: "myurl.com"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_remote – Remote certificate as a PEM file in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and remote category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_certificate_remote - Remote certificate as a PEM file. type: dict
- name - Name. type: str required: True
- range - Either the global or VDOM IP address range for the remote certificate. type: str choices: global, vdom
- remote - Remote certificate. type: str
- source - Remote certificate source type. type: str choices: factory, user, bundle
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Remote certificate as a PEM file.
fortios_vpn_certificate_remote:
vdom: "{{ vdom }}"
state: "present"
vpn_certificate_remote:
name: "default_name_3"
range: "global"
remote: "<your_own_value>"
source: "factory"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_certificate_setting – VPN certificate setting in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_certificate feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- vpn_certificate_setting - VPN certificate setting. type: dict
- certname_dsa1024 - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- certname_dsa2048 - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- certname_ecdsa256 - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- certname_ecdsa384 - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- certname_rsa1024 - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- certname_rsa2048 - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection. Source vpn.certificate.local.name. type: str
- check_ca_cert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . type: str choices: enable, disable
- check_ca_chain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted . type: str choices: enable, disable
- cmp_save_extra_certs - Enable/disable saving extra certificates in CMP mode. type: str choices: enable, disable
- cn_match - When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. type: str choices: substring, value
- ocsp_default_server - Default OCSP server. Source vpn.certificate.ocsp-server.name. type: str
- ocsp_status - Enable/disable receiving certificates using the OCSP. type: str choices: enable, disable
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: default, SSLv3, TLSv1, TLSv1-1, TLSv1-2
- ssl_ocsp_option - Specify whether the OCSP URL is from the certificate or the default OCSP server. type: str choices: certificate, server
- ssl_ocsp_status - Enable/disable SSL OCSP. type: str choices: enable, disable
- strict_crl_check - Enable/disable strict mode CRL checking. type: str choices: enable, disable
- strict_ocsp_check - Enable/disable strict mode OCSP checking. type: str choices: enable, disable
- subject_match - When searching for a matching certificate, control how to find matches in the certificate subject name. type: str choices: substring, value
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: VPN certificate setting.
fortios_vpn_certificate_setting:
vdom: "{{ vdom }}"
vpn_certificate_setting:
certname_dsa1024: "<your_own_value> (source vpn.certificate.local.name)"
certname_dsa2048: "<your_own_value> (source vpn.certificate.local.name)"
certname_ecdsa256: "<your_own_value> (source vpn.certificate.local.name)"
certname_ecdsa384: "<your_own_value> (source vpn.certificate.local.name)"
certname_rsa1024: "<your_own_value> (source vpn.certificate.local.name)"
certname_rsa2048: "<your_own_value> (source vpn.certificate.local.name)"
check_ca_cert: "enable"
check_ca_chain: "enable"
cmp_save_extra_certs: "enable"
cn_match: "substring"
ocsp_default_server: "<your_own_value> (source vpn.certificate.ocsp-server.name)"
ocsp_status: "enable"
ssl_min_proto_version: "default"
ssl_ocsp_option: "certificate"
ssl_ocsp_status: "enable"
strict_crl_check: "enable"
strict_ocsp_check: "enable"
subject_match: "substring"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_concentrator – Concentrator configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and concentrator category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_concentrator - Concentrator configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- member - Names of up to 3 VPN tunnels to add to the concentrator. type: list
- name - Member name. Source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name. type: str required: True
- name - Concentrator name. type: str required: True
- src_check - Enable to check source address of phase 2 selector. Disable to check only the destination selector. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Concentrator configuration.
fortios_vpn_ipsec_concentrator:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_concentrator:
member:
-
name: "default_name_4 (source vpn.ipsec.manualkey.name vpn.ipsec.phase1.name)"
name: "default_name_5"
src_check: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_forticlient – Configure FortiClient policy realm in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and forticlient category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_forticlient - Configure FortiClient policy realm. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- phase2name - Phase 2 tunnel name that you defined in the FortiClient dialup configuration. Source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface .name. type: str
- realm - FortiClient realm name. type: str required: True
- status - Enable/disable this FortiClient configuration. type: str choices: enable, disable
- usergroupname - User group name for FortiClient users. Source user.group.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiClient policy realm.
fortios_vpn_ipsec_forticlient:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_forticlient:
phase2name: "<your_own_value> (source vpn.ipsec.phase2.name vpn.ipsec.phase2-interface.name)"
realm: "<your_own_value>"
status: "enable"
usergroupname: "<your_own_value> (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_manualkey – Configure IPsec manual keys in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and manualkey category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_manualkey - Configure IPsec manual keys. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- authentication - Authentication algorithm. Must be the same for both ends of the tunnel. type: str choices: None, md5, sha1, sha256, sha384, sha512
- authkey - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. type: str
- enckey - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. type: str
- encryption - Encryption algorithm. Must be the same for both ends of the tunnel. type: str choices: None, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed
- interface - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. type: str
- local_gw - Local gateway. type: str
- localspi - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str
- name - IPsec tunnel name. type: str required: True
- remote_gw - Peer gateway. type: str
- remotespi - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPsec manual keys.
fortios_vpn_ipsec_manualkey:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_manualkey:
authentication: "null"
authkey: "<your_own_value>"
enckey: "<your_own_value>"
encryption: "null"
interface: "<your_own_value> (source system.interface.name)"
local_gw: "<your_own_value>"
localspi: "<your_own_value>"
name: "default_name_10"
remote_gw: "<your_own_value>"
remotespi: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_manualkey_interface – Configure IPsec manual keys in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and manualkey_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_manualkey_interface - Configure IPsec manual keys. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- addr_type - IP version to use for IP packets. type: str choices: 4, 6
- auth_alg - Authentication algorithm. Must be the same for both ends of the tunnel. type: str choices: None, md5, sha1, sha256, sha384, sha512
- auth_key - Hexadecimal authentication key in 16-digit (8-byte) segments separated by hyphens. type: str
- enc_alg - Encryption algorithm. Must be the same for both ends of the tunnel. type: str choices: None, des, 3des, aes128, aes192, aes256, aria128, aria192, aria256, seed
- enc_key - Hexadecimal encryption key in 16-digit (8-byte) segments separated by hyphens. type: str
- interface - Name of the physical, aggregate, or VLAN interface. Source system.interface.name. type: str
- ip_version - IP version to use for VPN interface. type: str choices: 4, 6
- local_gw - IPv4 address of the local gateway"s external interface. type: str
- local_gw6 - Local IPv6 address of VPN gateway. type: str
- local_spi - Local SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str
- name - IPsec tunnel name. type: str required: True
- remote_gw - IPv4 address of the remote gateway"s external interface. type: str
- remote_gw6 - Remote IPv6 address of VPN gateway. type: str
- remote_spi - Remote SPI, a hexadecimal 8-digit (4-byte) tag. Discerns between two traffic streams with different encryption rules. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPsec manual keys.
fortios_vpn_ipsec_manualkey_interface:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_manualkey_interface:
addr_type: "4"
auth_alg: "null"
auth_key: "<your_own_value>"
enc_alg: "null"
enc_key: "<your_own_value>"
interface: "<your_own_value> (source system.interface.name)"
ip_version: "4"
local_gw: "<your_own_value>"
local_gw6: "<your_own_value>"
local_spi: "<your_own_value>"
name: "default_name_13"
remote_gw: "<your_own_value>"
remote_gw6: "<your_own_value>"
remote_spi: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_phase1 – Configure VPN remote gateway in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_phase1 - Configure VPN remote gateway. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable
- add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable
- add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable
- assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable
- assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name
- authmethod - Authentication method. type: str choices: psk, signature
- authmethod_remote - Authentication method (remote side). type: str choices: psk, signature
- authpasswd - XAuth password (max 35 characters). type: str
- authusr - XAuth user name. type: str
- authusrgrp - Authentication user group. Source user.group.name. type: str
- auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable
- backup_gateway - Instruct unity clients about the backup gateway address(es). type: list
- address - Address of backup gateway. type: str required: True
- banner - Message that unity client should display after connecting. type: str
- cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable
- certificate - Names of up to 4 signed personal certificates. type: list
- name - Certificate name. Source vpn.certificate.local.name. type: str required: True
- childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable
- client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable
- client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable
- comments - Comment. type: str
- dhgrp - DH group. type: str choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31
- digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable
- distance - Distance for routes added by IKE (1 - 255). type: int
- dns_mode - DNS server mode. type: str choices: manual, auto
- domain - Instruct unity clients about the default DNS domain. type: str
- dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand
- dpd_retrycount - Number of DPD retry attempts. type: int
- dpd_retryinterval - DPD retry interval. type: str
- eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable
- eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request
- enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old
- forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable
- fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable
- fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int
- group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable
- group_authentication_secret - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) type: str
- ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable
- idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable
- idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int
- ike_version - IKE protocol version. type: str choices: 1, 2
- include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable
- interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str
- ipv4_dns_server1 - IPv4 DNS server 1. type: str
- ipv4_dns_server2 - IPv4 DNS server 2. type: str
- ipv4_dns_server3 - IPv4 DNS server 3. type: str
- ipv4_end_ip - End of IPv4 range. type: str
- ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list
- end_ip - End of IPv4 exclusive range. type: str
- id - ID. type: int required: True
- start_ip - Start of IPv4 exclusive range. type: str
- ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_netmask - IPv4 Netmask. type: str
- ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_start_ip - Start of IPv4 range. type: str
- ipv4_wins_server1 - WINS server 1. type: str
- ipv4_wins_server2 - WINS server 2. type: str
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
- ipv6_dns_server3 - IPv6 DNS server 3. type: str
- ipv6_end_ip - End of IPv6 range. type: str
- ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list
- end_ip - End of IPv6 exclusive range. type: str
- id - ID. type: int required: True
- start_ip - Start of IPv6 exclusive range. type: str
- ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_prefix - IPv6 prefix. type: int
- ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_start_ip - Start of IPv6 range. type: str
- keepalive - NAT-T keep alive interval. type: int
- keylife - Time to wait in seconds before phase 1 encryption key expires. type: int
- local_gw - Local VPN gateway. type: str
- localid - Local ID. type: str
- localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn
- mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host
- mode - ID protection mode used to establish a secure channel. type: str choices: aggressive, main
- mode_cfg - Enable/disable configuration method. type: str choices: disable, enable
- name - IPsec remote gateway name. type: str required: True
- nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced
- negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int
- peer - Accept this peer certificate. Source user.peer.name. type: str
- peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str
- peerid - Accept this peer identity. type: str
- peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp
- ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require
- ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str
- ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str
- priority - Priority for routes added by IKE (0 - 4294967295). type: int
- proposal - Phase1 proposal. type: str choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
- psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
- psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
- reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable
- rekey - Enable/disable phase1 rekey. type: str choices: enable, disable
- remote_gw - Remote VPN gateway. type: str
- remotegw_ddns - Domain name of remote gateway (eg. name.DDNS.com). type: str
- rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss
- save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable
- send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable
- signature_hash_alg - Digital Signature Authentication hash algorithms. type: str choices: sha1, sha2-256, sha2-384, sha2-512
- split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str
- suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256
- type - Remote gateway type. type: str choices: static, dynamic, ddns
- unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable
- usrgrp - User group name for dialup peers. Source user.group.name. type: str
- wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw
- xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN remote gateway.
fortios_vpn_ipsec_phase1:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_phase1:
acct_verify: "enable"
add_gw_route: "enable"
add_route: "disable"
assign_ip: "disable"
assign_ip_from: "range"
authmethod: "psk"
authmethod_remote: "psk"
authpasswd: "<your_own_value>"
authusr: "<your_own_value>"
authusrgrp: "<your_own_value> (source user.group.name)"
auto_negotiate: "enable"
backup_gateway:
-
address: "<your_own_value>"
banner: "<your_own_value>"
cert_id_validation: "enable"
certificate:
-
name: "default_name_19 (source vpn.certificate.local.name)"
childless_ike: "enable"
client_auto_negotiate: "disable"
client_keep_alive: "disable"
comments: "<your_own_value>"
dhgrp: "1"
digital_signature_auth: "enable"
distance: "26"
dns_mode: "manual"
domain: "<your_own_value>"
dpd: "disable"
dpd_retrycount: "30"
dpd_retryinterval: "<your_own_value>"
eap: "enable"
eap_identity: "use-id-payload"
enforce_unique_id: "disable"
forticlient_enforcement: "enable"
fragmentation: "enable"
fragmentation_mtu: "37"
group_authentication: "enable"
group_authentication_secret: "<your_own_value>"
ha_sync_esp_seqno: "enable"
idle_timeout: "enable"
idle_timeoutinterval: "42"
ike_version: "1"
include_local_lan: "disable"
interface: "<your_own_value> (source system.interface.name)"
ipv4_dns_server1: "<your_own_value>"
ipv4_dns_server2: "<your_own_value>"
ipv4_dns_server3: "<your_own_value>"
ipv4_end_ip: "<your_own_value>"
ipv4_exclude_range:
-
end_ip: "<your_own_value>"
id: "52"
start_ip: "<your_own_value>"
ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_netmask: "<your_own_value>"
ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_start_ip: "<your_own_value>"
ipv4_wins_server1: "<your_own_value>"
ipv4_wins_server2: "<your_own_value>"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_dns_server3: "<your_own_value>"
ipv6_end_ip: "<your_own_value>"
ipv6_exclude_range:
-
end_ip: "<your_own_value>"
id: "67"
start_ip: "<your_own_value>"
ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_prefix: "70"
ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_start_ip: "<your_own_value>"
keepalive: "74"
keylife: "75"
local_gw: "<your_own_value>"
localid: "<your_own_value>"
localid_type: "auto"
mesh_selector_type: "disable"
mode: "aggressive"
mode_cfg: "disable"
name: "default_name_82"
nattraversal: "enable"
negotiate_timeout: "84"
peer: "<your_own_value> (source user.peer.name)"
peergrp: "<your_own_value> (source user.peergrp.name)"
peerid: "<your_own_value>"
peertype: "any"
ppk: "disable"
ppk_identity: "<your_own_value>"
ppk_secret: "<your_own_value>"
priority: "92"
proposal: "des-md5"
psksecret: "<your_own_value>"
psksecret_remote: "<your_own_value>"
reauth: "disable"
rekey: "enable"
remote_gw: "<your_own_value>"
remotegw_ddns: "<your_own_value>"
rsa_signature_format: "pkcs1"
save_password: "disable"
send_cert_chain: "enable"
signature_hash_alg: "sha1"
split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
suite_b: "disable"
type: "static"
unity_support: "disable"
usrgrp: "<your_own_value> (source user.group.name)"
wizard_type: "custom"
xauthtype: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_phase1_interface – Configure VPN remote gateway in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_phase1_interface - Configure VPN remote gateway. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable
- add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable
- add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable
- assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable
- assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name
- authmethod - Authentication method. type: str choices: psk, signature
- authmethod_remote - Authentication method (remote side). type: str choices: psk, signature
- authpasswd - XAuth password (max 35 characters). type: str
- authusr - XAuth user name. type: str
- authusrgrp - Authentication user group. Source user.group.name. type: str
- auto_discovery_forwarder - Enable/disable forwarding auto-discovery short-cut messages. type: str choices: enable, disable
- auto_discovery_psk - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. type: str choices: enable, disable
- auto_discovery_receiver - Enable/disable accepting auto-discovery short-cut messages. type: str choices: enable, disable
- auto_discovery_sender - Enable/disable sending auto-discovery short-cut messages. type: str choices: enable, disable
- auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable
- backup_gateway - Instruct unity clients about the backup gateway address(es). type: list
- address - Address of backup gateway. type: str required: True
- banner - Message that unity client should display after connecting. type: str
- cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable
- certificate - The names of up to 4 signed personal certificates. type: list
- name - Certificate name. Source vpn.certificate.local.name. type: str required: True
- childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable
- client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable
- client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable
- comments - Comment. type: str
- default_gw - IPv4 address of default route gateway to use for traffic exiting the interface. type: str
- default_gw_priority - Priority for default gateway route. A higher priority number signifies a less preferred route. type: int
- dhgrp - DH group. type: str choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31
- digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable
- distance - Distance for routes added by IKE (1 - 255). type: int
- dns_mode - DNS server mode. type: str choices: manual, auto
- domain - Instruct unity clients about the default DNS domain. type: str
- dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand
- dpd_retrycount - Number of DPD retry attempts. type: int
- dpd_retryinterval - DPD retry interval. type: str
- eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable
- eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request
- encap_local_gw4 - Local IPv4 address of GRE/VXLAN tunnel. type: str
- encap_local_gw6 - Local IPv6 address of GRE/VXLAN tunnel. type: str
- encap_remote_gw4 - Remote IPv4 address of GRE/VXLAN tunnel. type: str
- encap_remote_gw6 - Remote IPv6 address of GRE/VXLAN tunnel. type: str
- encapsulation - Enable/disable GRE/VXLAN encapsulation. type: str choices: none, gre, vxlan
- encapsulation_address - Source for GRE/VXLAN tunnel address. type: str choices: ike, ipv4, ipv6
- enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old
- exchange_interface_ip - Enable/disable exchange of IPsec interface IP address. type: str choices: enable, disable
- exchange_ip_addr4 - IPv4 address to exchange with peers. type: str
- exchange_ip_addr6 - IPv6 address to exchange with peers type: str
- forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable
- fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable
- fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int
- group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable
- group_authentication_secret - Password for IKEv2 IDi group authentication. (ASCII string or hexadecimal indicated by a leading 0x.) type: str
- ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable
- idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable
- idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int
- ike_version - IKE protocol version. type: str choices: 1, 2
- include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable
- interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str
- ip_version - IP version to use for VPN interface. type: str choices: 4, 6
- ipv4_dns_server1 - IPv4 DNS server 1. type: str
- ipv4_dns_server2 - IPv4 DNS server 2. type: str
- ipv4_dns_server3 - IPv4 DNS server 3. type: str
- ipv4_end_ip - End of IPv4 range. type: str
- ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list
- end_ip - End of IPv4 exclusive range. type: str
- id - ID. type: int required: True
- start_ip - Start of IPv4 exclusive range. type: str
- ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_netmask - IPv4 Netmask. type: str
- ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str
- ipv4_start_ip - Start of IPv4 range. type: str
- ipv4_wins_server1 - WINS server 1. type: str
- ipv4_wins_server2 - WINS server 2. type: str
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
- ipv6_dns_server3 - IPv6 DNS server 3. type: str
- ipv6_end_ip - End of IPv6 range. type: str
- ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list
- end_ip - End of IPv6 exclusive range. type: str
- id - ID. type: int required: True
- start_ip - Start of IPv6 exclusive range. type: str
- ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_prefix - IPv6 prefix. type: int
- ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str
- ipv6_start_ip - Start of IPv6 range. type: str
- keepalive - NAT-T keep alive interval. type: int
- keylife - Time to wait in seconds before phase 1 encryption key expires. type: int
- local_gw - IPv4 address of the local gateway"s external interface. type: str
- local_gw6 - IPv6 address of the local gateway"s external interface. type: str
- localid - Local ID. type: str
- localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn
- mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host
- mode - The ID protection mode used to establish a secure channel. type: str choices: aggressive, main
- mode_cfg - Enable/disable configuration method. type: str choices: disable, enable
- monitor - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name. type: str
- monitor_hold_down_delay - Time to wait in seconds before recovery once primary re-establishes. type: int
- monitor_hold_down_time - Time of day at which to fail back to primary after it re-establishes. type: str
- monitor_hold_down_type - Recovery time method when primary interface re-establishes. type: str choices: immediate, delay, time
- monitor_hold_down_weekday - Day of the week to recover once primary re-establishes. type: str choices: everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday
- name - IPsec remote gateway name. type: str required: True
- nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced
- negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int
- net_device - Enable/disable kernel device creation for dialup instances. type: str choices: enable, disable
- passive_mode - Enable/disable IPsec passive mode for static tunnels. type: str choices: enable, disable
- peer - Accept this peer certificate. Source user.peer.name. type: str
- peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str
- peerid - Accept this peer identity. type: str
- peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp
- ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require
- ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str
- ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str
- priority - Priority for routes added by IKE (0 - 4294967295). type: int
- proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
- psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
- psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
- reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable
- rekey - Enable/disable phase1 rekey. type: str choices: enable, disable
- remote_gw - IPv4 address of the remote gateway"s external interface. type: str
- remote_gw6 - IPv6 address of the remote gateway"s external interface. type: str
- remotegw_ddns - Domain name of remote gateway (eg. name.DDNS.com). type: str
- rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss
- save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable
- send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable
- signature_hash_alg - Digital Signature Authentication hash algorithms. type: str choices: sha1, sha2-256, sha2-384, sha2-512
- split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str
- suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256
- tunnel_search - Tunnel search method for when the interface is shared. type: str choices: selectors, nexthop
- type - Remote gateway type. type: str choices: static, dynamic, ddns
- unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable
- usrgrp - User group name for dialup peers. Source user.group.name. type: str
- vni - VNI of VXLAN tunnel. type: int
- wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw
- xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN remote gateway.
fortios_vpn_ipsec_phase1_interface:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_phase1_interface:
acct_verify: "enable"
add_gw_route: "enable"
add_route: "disable"
assign_ip: "disable"
assign_ip_from: "range"
authmethod: "psk"
authmethod_remote: "psk"
authpasswd: "<your_own_value>"
authusr: "<your_own_value>"
authusrgrp: "<your_own_value> (source user.group.name)"
auto_discovery_forwarder: "enable"
auto_discovery_psk: "enable"
auto_discovery_receiver: "enable"
auto_discovery_sender: "enable"
auto_negotiate: "enable"
backup_gateway:
-
address: "<your_own_value>"
banner: "<your_own_value>"
cert_id_validation: "enable"
certificate:
-
name: "default_name_23 (source vpn.certificate.local.name)"
childless_ike: "enable"
client_auto_negotiate: "disable"
client_keep_alive: "disable"
comments: "<your_own_value>"
default_gw: "<your_own_value>"
default_gw_priority: "29"
dhgrp: "1"
digital_signature_auth: "enable"
distance: "32"
dns_mode: "manual"
domain: "<your_own_value>"
dpd: "disable"
dpd_retrycount: "36"
dpd_retryinterval: "<your_own_value>"
eap: "enable"
eap_identity: "use-id-payload"
encap_local_gw4: "<your_own_value>"
encap_local_gw6: "<your_own_value>"
encap_remote_gw4: "<your_own_value>"
encap_remote_gw6: "<your_own_value>"
encapsulation: "none"
encapsulation_address: "ike"
enforce_unique_id: "disable"
exchange_interface_ip: "enable"
exchange_ip_addr4: "<your_own_value>"
exchange_ip_addr6: "<your_own_value>"
forticlient_enforcement: "enable"
fragmentation: "enable"
fragmentation_mtu: "52"
group_authentication: "enable"
group_authentication_secret: "<your_own_value>"
ha_sync_esp_seqno: "enable"
idle_timeout: "enable"
idle_timeoutinterval: "57"
ike_version: "1"
include_local_lan: "disable"
interface: "<your_own_value> (source system.interface.name)"
ip_version: "4"
ipv4_dns_server1: "<your_own_value>"
ipv4_dns_server2: "<your_own_value>"
ipv4_dns_server3: "<your_own_value>"
ipv4_end_ip: "<your_own_value>"
ipv4_exclude_range:
-
end_ip: "<your_own_value>"
id: "68"
start_ip: "<your_own_value>"
ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_netmask: "<your_own_value>"
ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_start_ip: "<your_own_value>"
ipv4_wins_server1: "<your_own_value>"
ipv4_wins_server2: "<your_own_value>"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_dns_server3: "<your_own_value>"
ipv6_end_ip: "<your_own_value>"
ipv6_exclude_range:
-
end_ip: "<your_own_value>"
id: "83"
start_ip: "<your_own_value>"
ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_prefix: "86"
ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_start_ip: "<your_own_value>"
keepalive: "90"
keylife: "91"
local_gw: "<your_own_value>"
local_gw6: "<your_own_value>"
localid: "<your_own_value>"
localid_type: "auto"
mesh_selector_type: "disable"
mode: "aggressive"
mode_cfg: "disable"
monitor: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
monitor_hold_down_delay: "100"
monitor_hold_down_time: "<your_own_value>"
monitor_hold_down_type: "immediate"
monitor_hold_down_weekday: "everyday"
name: "default_name_104"
nattraversal: "enable"
negotiate_timeout: "106"
net_device: "enable"
passive_mode: "enable"
peer: "<your_own_value> (source user.peer.name)"
peergrp: "<your_own_value> (source user.peergrp.name)"
peerid: "<your_own_value>"
peertype: "any"
ppk: "disable"
ppk_identity: "<your_own_value>"
ppk_secret: "<your_own_value>"
priority: "116"
proposal: "des-md5"
psksecret: "<your_own_value>"
psksecret_remote: "<your_own_value>"
reauth: "disable"
rekey: "enable"
remote_gw: "<your_own_value>"
remote_gw6: "<your_own_value>"
remotegw_ddns: "<your_own_value>"
rsa_signature_format: "pkcs1"
save_password: "disable"
send_cert_chain: "enable"
signature_hash_alg: "sha1"
split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
suite_b: "disable"
tunnel_search: "selectors"
type: "static"
unity_support: "disable"
usrgrp: "<your_own_value> (source user.group.name)"
vni: "135"
wizard_type: "custom"
xauthtype: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_phase2 – Configure VPN autokey tunnel in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase2 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_phase2 - Configure VPN autokey tunnel. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- add_route - Enable/disable automatic route addition. type: str choices: phase1, enable, disable
- auto_negotiate - Enable/disable IPsec SA auto-negotiation. type: str choices: enable, disable
- comments - Comment. type: str
- dhcp_ipsec - Enable/disable DHCP-IPsec. type: str choices: enable, disable
- dhgrp - Phase2 DH group. type: str choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31
- dst_addr_type - Remote proxy ID type. type: str choices: subnet, range, ip, name
- dst_end_ip - Remote proxy ID IPv4 end. type: str
- dst_end_ip6 - Remote proxy ID IPv6 end. type: str
- dst_name - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str
- dst_name6 - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- dst_port - Quick mode destination port (1 - 65535 or 0 for all). type: int
- dst_start_ip - Remote proxy ID IPv4 start. type: str
- dst_start_ip6 - Remote proxy ID IPv6 start. type: str
- dst_subnet - Remote proxy ID IPv4 subnet. type: str
- dst_subnet6 - Remote proxy ID IPv6 subnet. type: str
- encapsulation - ESP encapsulation mode. type: str choices: tunnel-mode, transport-mode
- keepalive - Enable/disable keep alive. type: str choices: enable, disable
- keylife_type - Keylife type. type: str choices: seconds, kbs, both
- keylifekbs - Phase2 key life in number of bytes of traffic (5120 - 4294967295). type: int
- keylifeseconds - Phase2 key life in time in seconds (120 - 172800). type: int
- l2tp - Enable/disable L2TP over IPsec. type: str choices: enable, disable
- name - IPsec tunnel name. type: str required: True
- pfs - Enable/disable PFS feature. type: str choices: enable, disable
- phase1name - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1.name. type: str
- proposal - Phase2 proposal. type: str choices: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
- protocol - Quick mode protocol selector (1 - 255 or 0 for all). type: int
- replay - Enable/disable replay detection. type: str choices: enable, disable
- route_overlap - Action for overlapping routes. type: str choices: use-old, use-new, allow
- selector_match - Match type to use when comparing selectors. type: str choices: exact, subset, auto
- single_source - Enable/disable single source IP restriction. type: str choices: enable, disable
- src_addr_type - Local proxy ID type. type: str choices: subnet, range, ip, name
- src_end_ip - Local proxy ID end. type: str
- src_end_ip6 - Local proxy ID IPv6 end. type: str
- src_name - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str
- src_name6 - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- src_port - Quick mode source port (1 - 65535 or 0 for all). type: int
- src_start_ip - Local proxy ID start. type: str
- src_start_ip6 - Local proxy ID IPv6 start. type: str
- src_subnet - Local proxy ID subnet. type: str
- src_subnet6 - Local proxy ID IPv6 subnet. type: str
- use_natip - Enable to use the FortiGate public IP as the source selector when outbound NAT is used. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN autokey tunnel.
fortios_vpn_ipsec_phase2:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_phase2:
add_route: "phase1"
auto_negotiate: "enable"
comments: "<your_own_value>"
dhcp_ipsec: "enable"
dhgrp: "1"
dst_addr_type: "subnet"
dst_end_ip: "<your_own_value>"
dst_end_ip6: "<your_own_value>"
dst_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
dst_name6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
dst_port: "13"
dst_start_ip: "<your_own_value>"
dst_start_ip6: "<your_own_value>"
dst_subnet: "<your_own_value>"
dst_subnet6: "<your_own_value>"
encapsulation: "tunnel-mode"
keepalive: "enable"
keylife_type: "seconds"
keylifekbs: "21"
keylifeseconds: "22"
l2tp: "enable"
name: "default_name_24"
pfs: "enable"
phase1name: "<your_own_value> (source vpn.ipsec.phase1.name)"
proposal: "null-md5"
protocol: "28"
replay: "enable"
route_overlap: "use-old"
selector_match: "exact"
single_source: "enable"
src_addr_type: "subnet"
src_end_ip: "<your_own_value>"
src_end_ip6: "<your_own_value>"
src_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
src_name6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
src_port: "38"
src_start_ip: "<your_own_value>"
src_start_ip6: "<your_own_value>"
src_subnet: "<your_own_value>"
src_subnet6: "<your_own_value>"
use_natip: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ipsec_phase2_interface – Configure VPN autokey tunnel in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase2_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ipsec_phase2_interface - Configure VPN autokey tunnel. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- add_route - Enable/disable automatic route addition. type: str choices: phase1, enable, disable
- auto_discovery_forwarder - Enable/disable forwarding short-cut messages. type: str choices: phase1, enable, disable
- auto_discovery_sender - Enable/disable sending short-cut messages. type: str choices: phase1, enable, disable
- auto_negotiate - Enable/disable IPsec SA auto-negotiation. type: str choices: enable, disable
- comments - Comment. type: str
- dhcp_ipsec - Enable/disable DHCP-IPsec. type: str choices: enable, disable
- dhgrp - Phase2 DH group. type: str choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31
- dst_addr_type - Remote proxy ID type. type: str choices: subnet, range, ip, name, subnet6, range6, ip6, name6
- dst_end_ip - Remote proxy ID IPv4 end. type: str
- dst_end_ip6 - Remote proxy ID IPv6 end. type: str
- dst_name - Remote proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str
- dst_name6 - Remote proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- dst_port - Quick mode destination port (1 - 65535 or 0 for all). type: int
- dst_start_ip - Remote proxy ID IPv4 start. type: str
- dst_start_ip6 - Remote proxy ID IPv6 start. type: str
- dst_subnet - Remote proxy ID IPv4 subnet. type: str
- dst_subnet6 - Remote proxy ID IPv6 subnet. type: str
- encapsulation - ESP encapsulation mode. type: str choices: tunnel-mode, transport-mode
- keepalive - Enable/disable keep alive. type: str choices: enable, disable
- keylife_type - Keylife type. type: str choices: seconds, kbs, both
- keylifekbs - Phase2 key life in number of bytes of traffic (5120 - 4294967295). type: int
- keylifeseconds - Phase2 key life in time in seconds (120 - 172800). type: int
- l2tp - Enable/disable L2TP over IPsec. type: str choices: enable, disable
- name - IPsec tunnel name. type: str required: True
- pfs - Enable/disable PFS feature. type: str choices: enable, disable
- phase1name - Phase 1 determines the options required for phase 2. Source vpn.ipsec.phase1-interface.name. type: str
- proposal - Phase2 proposal. type: list choices: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
- protocol - Quick mode protocol selector (1 - 255 or 0 for all). type: int
- replay - Enable/disable replay detection. type: str choices: enable, disable
- route_overlap - Action for overlapping routes. type: str choices: use-old, use-new, allow
- single_source - Enable/disable single source IP restriction. type: str choices: enable, disable
- src_addr_type - Local proxy ID type. type: str choices: subnet, range, ip, name, subnet6, range6, ip6, name6
- src_end_ip - Local proxy ID end. type: str
- src_end_ip6 - Local proxy ID IPv6 end. type: str
- src_name - Local proxy ID name. Source firewall.address.name firewall.addrgrp.name. type: str
- src_name6 - Local proxy ID name. Source firewall.address6.name firewall.addrgrp6.name. type: str
- src_port - Quick mode source port (1 - 65535 or 0 for all). type: int
- src_start_ip - Local proxy ID start. type: str
- src_start_ip6 - Local proxy ID IPv6 start. type: str
- src_subnet - Local proxy ID subnet. type: str
- src_subnet6 - Local proxy ID IPv6 subnet. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN autokey tunnel.
fortios_vpn_ipsec_phase2_interface:
vdom: "{{ vdom }}"
state: "present"
vpn_ipsec_phase2_interface:
add_route: "phase1"
auto_discovery_forwarder: "phase1"
auto_discovery_sender: "phase1"
auto_negotiate: "enable"
comments: "<your_own_value>"
dhcp_ipsec: "enable"
dhgrp: "1"
dst_addr_type: "subnet"
dst_end_ip: "<your_own_value>"
dst_end_ip6: "<your_own_value>"
dst_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
dst_name6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
dst_port: "15"
dst_start_ip: "<your_own_value>"
dst_start_ip6: "<your_own_value>"
dst_subnet: "<your_own_value>"
dst_subnet6: "<your_own_value>"
encapsulation: "tunnel-mode"
keepalive: "enable"
keylife_type: "seconds"
keylifekbs: "23"
keylifeseconds: "24"
l2tp: "enable"
name: "default_name_26"
pfs: "enable"
phase1name: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
proposal: "null-md5"
protocol: "30"
replay: "enable"
route_overlap: "use-old"
single_source: "enable"
src_addr_type: "subnet"
src_end_ip: "<your_own_value>"
src_end_ip6: "<your_own_value>"
src_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
src_name6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
src_port: "39"
src_start_ip: "<your_own_value>"
src_start_ip6: "<your_own_value>"
src_subnet: "<your_own_value>"
src_subnet6: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_l2tp – Configure L2TP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and l2tp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- vpn_l2tp - Configure L2TP. type: dict
- eip - End IP. type: str
- enforce_ipsec - Enable/disable IPsec enforcement. type: str choices: enable, disable
- sip - Start IP. type: str
- status - Enable/disable FortiGate as a L2TP gateway. type: str choices: enable, disable
- usrgrp - User group. Source user.group.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure L2TP.
fortios_vpn_l2tp:
vdom: "{{ vdom }}"
vpn_l2tp:
eip: "<your_own_value>"
enforce_ipsec: "enable"
sip: "<your_own_value>"
status: "enable"
usrgrp: "<your_own_value> (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ocvpn – Configure Overlay Controller VPN settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and ocvpn category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- vpn_ocvpn - Configure Overlay Controller VPN settings. type: dict
- ha_alias - Hidden HA alias. type: str
- poll_interval - Overlay Controller VPN polling interval. type: int
- status - Enable/disable Overlay Controller cloud assisted VPN. type: str choices: enable, disable
- subnets - Internal subnets to register with Overlay Controller VPN service. type: list
- id - ID. type: int required: True
- interface - LAN interface. Source system.interface.name. type: str
- subnet - IPv4 address and subnet mask. type: str
- type - Subnet type. type: str choices: subnet, interface
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Overlay Controller VPN settings.
fortios_vpn_ocvpn:
vdom: "{{ vdom }}"
vpn_ocvpn:
ha_alias: "<your_own_value>"
poll_interval: "4"
status: "enable"
subnets:
-
id: "7"
interface: "<your_own_value> (source system.interface.name)"
subnet: "<your_own_value>"
type: "subnet"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_pptp – Configure PPTP in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn feature and pptp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- vpn_pptp - Configure PPTP. type: dict
- eip - End IP. type: str
- ip_mode - IP assignment mode for PPTP client. type: str choices: range, usrgrp
- local_ip - Local IP to be used for peer"s remote IP. type: str
- sip - Start IP. type: str
- status - Enable/disable FortiGate as a PPTP gateway. type: str choices: enable, disable
- usrgrp - User group. Source user.group.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure PPTP.
fortios_vpn_pptp:
vdom: "{{ vdom }}"
vpn_pptp:
eip: "<your_own_value>"
ip_mode: "range"
local_ip: "<your_own_value>"
sip: "<your_own_value>"
status: "enable"
usrgrp: "<your_own_value> (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_settings – Configure SSL VPN in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- vpn_ssl_settings - Configure SSL VPN. type: dict
- algorithm - Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. type: str choices: high, medium, default, low
- auth_timeout - SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout). type: int
- authentication_rule - Authentication rule for SSL VPN. type: list
- auth - SSL VPN authentication method restriction. type: str choices: any, local, radius, tacacs+, ldap
- cipher - SSL VPN cipher strength. type: str choices: any, high, medium
- client_cert - Enable/disable SSL VPN client certificate restrictive. type: str choices: enable, disable
- groups - User groups. type: list
- name - Group name. Source user.group.name. type: str required: True
- id - ID (0 - 4294967295). type: int required: True
- portal - SSL VPN portal. Source vpn.ssl.web.portal.name. type: str
- realm - SSL VPN realm. Source vpn.ssl.web.realm.url-path. type: str
- source_address - Source address of incoming traffic. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- source_address_negate - Enable/disable negated source address match. type: str choices: enable, disable
- source_address6 - IPv6 source address of incoming traffic. type: list
- name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- source_address6_negate - Enable/disable negated source IPv6 address match. type: str choices: enable, disable
- source_interface - SSL VPN source interface of incoming traffic. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- users - User name. type: list
- name - User name. Source user.local.name. type: str required: True
- auto_tunnel_static_route - Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. type: str choices: enable, disable
- banned_cipher - Select one or more cipher technologies that cannot be used in SSL-VPN negotiations. type: list choices: RSA, DH, DHE, ECDH, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC
- check_referer - Enable/disable verification of referer field in HTTP request header. type: str choices: enable, disable
- default_portal - Default SSL VPN portal. Source vpn.ssl.web.portal.name. type: str
- deflate_compression_level - Compression level (0~9). type: int
- deflate_min_data_size - Minimum amount of data that triggers compression (200 - 65535 bytes). type: int
- dns_server1 - DNS server 1. type: str
- dns_server2 - DNS server 2. type: str
- dns_suffix - DNS suffix used for SSL-VPN clients. type: str
- dtls_hello_timeout - SSLVPN maximum DTLS hello timeout (10 - 60 sec). type: int
- dtls_tunnel - Enable DTLS to prevent eavesdropping, tampering, or message forgery. type: str choices: enable, disable
- force_two_factor_auth - Enable to force two-factor authentication for all SSL-VPNs. type: str choices: enable, disable
- header_x_forwarded_for - Forward the same, add, or remove HTTP header. type: str choices: pass, add, remove
- http_compression - Enable to allow HTTP compression over SSL-VPN tunnels. type: str choices: enable, disable
- http_only_cookie - Enable/disable SSL-VPN support for HttpOnly cookies. type: str choices: enable, disable
- http_request_body_timeout - SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec). type: int
- http_request_header_timeout - SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec). type: int
- https_redirect - Enable/disable redirect of port 80 to SSL-VPN port. type: str choices: enable, disable
- idle_timeout - SSL VPN disconnects if idle for specified time in seconds. type: int
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
- ipv6_wins_server1 - IPv6 WINS server 1. type: str
- ipv6_wins_server2 - IPv6 WINS server 2. type: str
- login_attempt_limit - SSL VPN maximum login attempt times before block (0 - 10). type: int
- login_block_time - Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec). type: int
- login_timeout - SSLVPN maximum login timeout (10 - 180 sec). type: int
- port - SSL-VPN access port (1 - 65535). type: int
- port_precedence - Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. type: str choices: enable, disable
- reqclientcert - Enable to require client certificates for all SSL-VPN users. type: str choices: enable, disable
- route_source_interface - Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. type: str choices: enable, disable
- servercert - Name of the server certificate to be used for SSL-VPNs. Source vpn.certificate.local.name. type: str
- source_address - Source address of incoming traffic. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- source_address_negate - Enable/disable negated source address match. type: str choices: enable, disable
- source_address6 - IPv6 source address of incoming traffic. type: list
- name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- source_address6_negate - Enable/disable negated source IPv6 address match. type: str choices: enable, disable
- source_interface - SSL VPN source interface of incoming traffic. type: list
- name - Interface name. Source system.interface.name system.zone.name. type: str required: True
- ssl_client_renegotiation - Enable to allow client renegotiation by the server if the tunnel goes down. type: str choices: disable, enable
- ssl_insert_empty_fragment - Enable/disable insertion of empty fragment. type: str choices: enable, disable
- tlsv1_0 - Enable/disable TLSv1.0. type: str choices: enable, disable
- tlsv1_1 - Enable/disable TLSv1.1. type: str choices: enable, disable
- tlsv1_2 - Enable/disable TLSv1.2. type: str choices: enable, disable
- tunnel_ip_pools - Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- tunnel_ipv6_pools - Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- unsafe_legacy_renegotiation - Enable/disable unsafe legacy re-negotiation. type: str choices: enable, disable
- url_obscuration - Enable to obscure the host name of the URL of the web browser display. type: str choices: enable, disable
- wins_server1 - WINS server 1. type: str
- wins_server2 - WINS server 2. type: str
- x_content_type_options - Add HTTP X-Content-Type-Options header. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL VPN.
fortios_vpn_ssl_settings:
vdom: "{{ vdom }}"
vpn_ssl_settings:
algorithm: "high"
auth_timeout: "4"
authentication_rule:
-
auth: "any"
cipher: "any"
client_cert: "enable"
groups:
-
name: "default_name_10 (source user.group.name)"
id: "11"
portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
realm: "<your_own_value> (source vpn.ssl.web.realm.url-path)"
source_address:
-
name: "default_name_15 (source firewall.address.name firewall.addrgrp.name)"
source_address_negate: "enable"
source_address6:
-
name: "default_name_18 (source firewall.address6.name firewall.addrgrp6.name)"
source_address6_negate: "enable"
source_interface:
-
name: "default_name_21 (source system.interface.name system.zone.name)"
users:
-
name: "default_name_23 (source user.local.name)"
auto_tunnel_static_route: "enable"
banned_cipher: "RSA"
check_referer: "enable"
default_portal: "<your_own_value> (source vpn.ssl.web.portal.name)"
deflate_compression_level: "28"
deflate_min_data_size: "29"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_suffix: "<your_own_value>"
dtls_hello_timeout: "33"
dtls_tunnel: "enable"
force_two_factor_auth: "enable"
header_x_forwarded_for: "pass"
http_compression: "enable"
http_only_cookie: "enable"
http_request_body_timeout: "39"
http_request_header_timeout: "40"
https_redirect: "enable"
idle_timeout: "42"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_wins_server1: "<your_own_value>"
ipv6_wins_server2: "<your_own_value>"
login_attempt_limit: "47"
login_block_time: "48"
login_timeout: "49"
port: "50"
port_precedence: "enable"
reqclientcert: "enable"
route_source_interface: "enable"
servercert: "<your_own_value> (source vpn.certificate.local.name)"
source_address:
-
name: "default_name_56 (source firewall.address.name firewall.addrgrp.name)"
source_address_negate: "enable"
source_address6:
-
name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
source_address6_negate: "enable"
source_interface:
-
name: "default_name_62 (source system.interface.name system.zone.name)"
ssl_client_renegotiation: "disable"
ssl_insert_empty_fragment: "enable"
tlsv1_0: "enable"
tlsv1_1: "enable"
tlsv1_2: "enable"
tunnel_ip_pools:
-
name: "default_name_69 (source firewall.address.name firewall.addrgrp.name)"
tunnel_ipv6_pools:
-
name: "default_name_71 (source firewall.address6.name firewall.addrgrp6.name)"
unsafe_legacy_renegotiation: "enable"
url_obscuration: "enable"
wins_server1: "<your_own_value>"
wins_server2: "<your_own_value>"
x_content_type_options: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_web_host_check_software – SSL-VPN host check software in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and host_check_software category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_ssl_web_host_check_software - SSL-VPN host check software. type: dict
- check_item_list - Check item list. type: list
- action - Action. type: str choices: require, deny
- id - ID (0 - 4294967295). type: int required: True
- md5s - MD5 checksum. type: list
- id - Hex string of MD5 checksum. type: str required: True
- target - Target. type: str
- type - Type. type: str choices: file, registry, process
- version - Version. type: str
- guid - Globally unique ID. type: str
- name - Name. type: str required: True
- os_type - OS type. type: str choices: windows, macos
- type - Type. type: str choices: av, fw
- version - Version. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: SSL-VPN host check software.
fortios_vpn_ssl_web_host_check_software:
vdom: "{{ vdom }}"
state: "present"
vpn_ssl_web_host_check_software:
check_item_list:
-
action: "require"
id: "5"
md5s:
-
id: "7"
target: "<your_own_value>"
type: "file"
version: "<your_own_value>"
guid: "<your_own_value>"
name: "default_name_12"
os_type: "windows"
type: "av"
version: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and portal category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- vpn_ssl_web_portal - Portal. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- allow_user_access - Allow user access to SSL-VPN applications. type: str choices: web, ftp, smb, telnet, ssh, vnc, rdp, ping, citrix, portforward
- auto_connect - Enable/disable automatic connect by client when system is up. type: str choices: enable, disable
- bookmark_group - Portal bookmark group. type: list
- bookmarks - Bookmark table. type: list
- additional_params - Additional parameters. type: str
- apptype - Application type. type: str choices: citrix, ftp, portforward, rdp, smb, ssh, telnet, vnc, web
- description - Description. type: str
- folder - Network shared file folder parameter. type: str
- form_data - Form data. type: list
- name - Name. type: str required: True
- value - Value. type: str
- host - Host name/IP parameter. type: str
- listening_port - Listening port (0 - 65535). type: int
- load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str
- logon_password - Logon password. type: str
- logon_user - Logon user. type: str
- name - Bookmark name. type: str required: True
- port - Remote port. type: int
- preconnection_blob - An arbitrary string which identifies the RDP source. type: str
- preconnection_id - The numeric ID of the RDP source (0-2147483648). type: int
- remote_port - Remote port (0 - 65535). type: int
- security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any
- server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe
- show_status_window - Enable/disable showing of status window. type: str choices: enable, disable
- sso - Single Sign-On. type: str choices: disable, static, auto
- sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
- sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable
- sso_password - SSO password. type: str
- sso_username - SSO user name. type: str
- url - URL parameter. type: str
- name - Bookmark group name. type: str required: True
- custom_lang - Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. type: str
- customize_forticlient_download_url - Enable support of customized download URL for FortiClient. type: str choices: enable, disable
- display_bookmark - Enable to display the web portal bookmark widget. type: str choices: enable, disable
- display_connection_tools - Enable to display the web portal connection tools widget. type: str choices: enable, disable
- display_history - Enable to display the web portal user login history widget. type: str choices: enable, disable
- display_status - Enable to display the web portal status widget. type: str choices: enable, disable
- dns_server1 - IPv4 DNS server 1. type: str
- dns_server2 - IPv4 DNS server 2. type: str
- dns_suffix - DNS suffix. type: str
- exclusive_routing - Enable/disable all traffic go through tunnel only. type: str choices: enable, disable
- forticlient_download - Enable/disable download option for FortiClient. type: str choices: enable, disable
- forticlient_download_method - FortiClient download method. type: str choices: direct, ssl-vpn
- heading - Web portal heading message. type: str
- hide_sso_credential - Enable to prevent SSO credential being sent to client. type: str choices: enable, disable
- host_check - Type of host checking performed on endpoints. type: str choices: none, av, fw, av-fw, custom
- host_check_interval - Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. type: int
- host_check_policy - One or more policies to require the endpoint to have specific security software. type: list
- name - Host check software list name. Source vpn.ssl.web.host-check-software.name. type: str required: True
- ip_mode - Method by which users of this SSL-VPN tunnel obtain IP addresses. type: str choices: range, user-group
- ip_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
- ipv6_exclusive_routing - Enable/disable all IPv6 traffic go through tunnel only. type: str choices: enable, disable
- ipv6_pools - IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- ipv6_service_restriction - Enable/disable IPv6 tunnel service restriction. type: str choices: enable, disable
- ipv6_split_tunneling - Enable/disable IPv6 split tunneling. type: str choices: enable, disable
- ipv6_split_tunneling_routing_address - IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- ipv6_tunnel_mode - Enable/disable IPv6 SSL-VPN tunnel mode. type: str choices: enable, disable
- ipv6_wins_server1 - IPv6 WINS server 1. type: str
- ipv6_wins_server2 - IPv6 WINS server 2. type: str
- keep_alive - Enable/disable automatic reconnect for FortiClient connections. type: str choices: enable, disable
- limit_user_logins - Enable to limit each user to one SSL-VPN session at a time. type: str choices: enable, disable
- mac_addr_action - Client MAC address action. type: str choices: allow, deny
- mac_addr_check - Enable/disable MAC address host checking. type: str choices: enable, disable
- mac_addr_check_rule - Client MAC address check rule. type: list
- mac_addr_list - Client MAC address list. type: list
- addr - Client MAC address. type: str required: True
- mac_addr_mask - Client MAC address mask. type: int
- name - Client MAC address check rule name. type: str required: True
- macos_forticlient_download_url - Download URL for Mac FortiClient. type: str
- name - Portal name. type: str required: True
- os_check - Enable to let the FortiGate decide action based on client OS. type: str choices: enable, disable
- os_check_list - SSL VPN OS checks. type: list
- action - OS check options. type: str choices: deny, allow, check-up-to-date
- latest_patch_level - Latest OS patch level. type: str
- name - Name. type: str required: True
- tolerance - OS patch level tolerance. type: int
- redir_url - Client login redirect URL. type: str
- save_password - Enable/disable FortiClient saving the user"s password. type: str choices: enable, disable
- service_restriction - Enable/disable tunnel service restriction. type: str choices: enable, disable
- skip_check_for_unsupported_browser - Enable to skip host check if browser does not support it. type: str choices: enable, disable
- skip_check_for_unsupported_os - Enable to skip host check if client OS does not support it. type: str choices: enable, disable
- smb_ntlmv1_auth - Enable support of NTLMv1 for Samba authentication. type: str choices: enable, disable
- smbv1 - Enable/disable support of SMBv1 for Samba. type: str choices: enable, disable
- split_dns - Split DNS for SSL VPN. type: list
- dns_server1 - DNS server 1. type: str
- dns_server2 - DNS server 2. type: str
- domains - Split DNS domains used for SSL-VPN clients separated by comma(,). type: str
- id - ID. type: int required: True
- ipv6_dns_server1 - IPv6 DNS server 1. type: str
- ipv6_dns_server2 - IPv6 DNS server 2. type: str
- split_tunneling - Enable/disable IPv4 split tunneling. type: str choices: enable, disable
- split_tunneling_routing_address - IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- theme - Web portal color scheme. type: str choices: blue, green, red, melongene, mariner
- tunnel_mode - Enable/disable IPv4 SSL-VPN tunnel mode. type: str choices: enable, disable
- user_bookmark - Enable to allow web portal users to create their own bookmarks. type: str choices: enable, disable
- user_group_bookmark - Enable to allow web portal users to create bookmarks for all users in the same user group. type: str choices: enable, disable
- web_mode - Enable/disable SSL VPN web mode. type: str choices: enable, disable
- windows_forticlient_download_url - Download URL for Windows FortiClient. type: str
- wins_server1 - IPv4 WINS server 1. type: str
- wins_server2 - IPv4 WINS server 1. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Portal.
fortios_vpn_ssl_web_portal:
vdom: "{{ vdom }}"
state: "present"
vpn_ssl_web_portal:
allow_user_access: "web"
auto_connect: "enable"
bookmark_group:
-
bookmarks:
-
additional_params: "<your_own_value>"
apptype: "citrix"
description: "<your_own_value>"
folder: "<your_own_value>"
form_data:
-
name: "default_name_12"
value: "<your_own_value>"
host: "<your_own_value>"
listening_port: "15"
load_balancing_info: "<your_own_value>"
logon_password: "<your_own_value>"
logon_user: "<your_own_value>"
name: "default_name_19"
port: "20"
preconnection_blob: "<your_own_value>"
preconnection_id: "22"
remote_port: "23"
security: "rdp"
server_layout: "de-de-qwertz"
show_status_window: "enable"
sso: "disable"
sso_credential: "sslvpn-login"
sso_credential_sent_once: "enable"
sso_password: "<your_own_value>"
sso_username: "<your_own_value>"
url: "myurl.com"
name: "default_name_33"
custom_lang: "<your_own_value> (source system.custom-language.name)"
customize_forticlient_download_url: "enable"
display_bookmark: "enable"
display_connection_tools: "enable"
display_history: "enable"
display_status: "enable"
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
dns_suffix: "<your_own_value>"
exclusive_routing: "enable"
forticlient_download: "enable"
forticlient_download_method: "direct"
heading: "<your_own_value>"
hide_sso_credential: "enable"
host_check: "none"
host_check_interval: "49"
host_check_policy:
-
name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
ip_mode: "range"
ip_pools:
-
name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_exclusive_routing: "enable"
ipv6_pools:
-
name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_service_restriction: "enable"
ipv6_split_tunneling: "enable"
ipv6_split_tunneling_routing_address:
-
name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_tunnel_mode: "enable"
ipv6_wins_server1: "<your_own_value>"
ipv6_wins_server2: "<your_own_value>"
keep_alive: "enable"
limit_user_logins: "enable"
mac_addr_action: "allow"
mac_addr_check: "enable"
mac_addr_check_rule:
-
mac_addr_list:
-
addr: "<your_own_value>"
mac_addr_mask: "74"
name: "default_name_75"
macos_forticlient_download_url: "<your_own_value>"
name: "default_name_77"
os_check: "enable"
os_check_list:
-
action: "deny"
latest_patch_level: "<your_own_value>"
name: "default_name_82"
tolerance: "83"
redir_url: "<your_own_value>"
save_password: "enable"
service_restriction: "enable"
skip_check_for_unsupported_browser: "enable"
skip_check_for_unsupported_os: "enable"
smb_ntlmv1_auth: "enable"
smbv1: "enable"
split_dns:
-
dns_server1: "<your_own_value>"
dns_server2: "<your_own_value>"
domains: "<your_own_value>"
id: "95"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
split_tunneling: "enable"
split_tunneling_routing_address:
-
name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
theme: "blue"
tunnel_mode: "enable"
user_bookmark: "enable"
user_group_bookmark: "enable"
web_mode: "enable"
windows_forticlient_download_url: "<your_own_value>"
wins_server1: "<your_own_value>"
wins_server2: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_web_realm – Realm in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and realm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_ssl_web_realm - Realm. type: dict
- login_page - Replacement HTML for SSL-VPN login page. type: str
- max_concurrent_user - Maximum concurrent users (0 - 65535, 0 means unlimited). type: int
- url_path - URL path to access SSL-VPN login page. type: str
- virtual_host - Virtual host name for realm. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Realm.
fortios_vpn_ssl_web_realm:
vdom: "{{ vdom }}"
state: "present"
vpn_ssl_web_realm:
login_page: "<your_own_value>"
max_concurrent_user: "4"
url_path: "<your_own_value>"
virtual_host: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_web_user_bookmark – Configure SSL VPN user bookmark in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and user_bookmark category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_ssl_web_user_bookmark - Configure SSL VPN user bookmark. type: dict
- bookmarks - Bookmark table. type: list
- additional_params - Additional parameters. type: str
- apptype - Application type. type: str choices: citrix, ftp, portforward, rdp, smb, ssh, telnet, vnc, web
- description - Description. type: str
- folder - Network shared file folder parameter. type: str
- form_data - Form data. type: list
- name - Name. type: str required: True
- value - Value. type: str
- host - Host name/IP parameter. type: str
- listening_port - Listening port (0 - 65535). type: int
- load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str
- logon_password - Logon password. type: str
- logon_user - Logon user. type: str
- name - Bookmark name. type: str required: True
- port - Remote port. type: int
- preconnection_blob - An arbitrary string which identifies the RDP source. type: str
- preconnection_id - The numeric ID of the RDP source (0-2147483648). type: int
- remote_port - Remote port (0 - 65535). type: int
- security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any
- server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe
- show_status_window - Enable/disable showing of status window. type: str choices: enable, disable
- sso - Single Sign-On. type: str choices: disable, static, auto
- sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
- sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable
- sso_password - SSO password. type: str
- sso_username - SSO user name. type: str
- url - URL parameter. type: str
- custom_lang - Personal language. Source system.custom-language.name. type: str
- name - User and group name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL VPN user bookmark.
fortios_vpn_ssl_web_user_bookmark:
vdom: "{{ vdom }}"
state: "present"
vpn_ssl_web_user_bookmark:
bookmarks:
-
additional_params: "<your_own_value>"
apptype: "citrix"
description: "<your_own_value>"
folder: "<your_own_value>"
form_data:
-
name: "default_name_9"
value: "<your_own_value>"
host: "<your_own_value>"
listening_port: "12"
load_balancing_info: "<your_own_value>"
logon_password: "<your_own_value>"
logon_user: "<your_own_value>"
name: "default_name_16"
port: "17"
preconnection_blob: "<your_own_value>"
preconnection_id: "19"
remote_port: "20"
security: "rdp"
server_layout: "de-de-qwertz"
show_status_window: "enable"
sso: "disable"
sso_credential: "sslvpn-login"
sso_credential_sent_once: "enable"
sso_password: "<your_own_value>"
sso_username: "<your_own_value>"
url: "myurl.com"
custom_lang: "<your_own_value> (source system.custom-language.name)"
name: "default_name_31"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_vpn_ssl_web_user_group_bookmark – Configure SSL VPN user group bookmark in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ssl_web feature and user_group_bookmark category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- vpn_ssl_web_user_group_bookmark - Configure SSL VPN user group bookmark. type: dict
- bookmarks - Bookmark table. type: list
- additional_params - Additional parameters. type: str
- apptype - Application type. type: str choices: citrix, ftp, portforward, rdp, smb, ssh, telnet, vnc, web
- description - Description. type: str
- folder - Network shared file folder parameter. type: str
- form_data - Form data. type: list
- name - Name. type: str required: True
- value - Value. type: str
- host - Host name/IP parameter. type: str
- listening_port - Listening port (0 - 65535). type: int
- load_balancing_info - The load balancing information or cookie which should be provided to the connection broker. type: str
- logon_password - Logon password. type: str
- logon_user - Logon user. type: str
- name - Bookmark name. type: str required: True
- port - Remote port. type: int
- preconnection_blob - An arbitrary string which identifies the RDP source. type: str
- preconnection_id - The numeric ID of the RDP source (0-2147483648). type: int
- remote_port - Remote port (0 - 65535). type: int
- security - Security mode for RDP connection. type: str choices: rdp, nla, tls, any
- server_layout - Server side keyboard layout. type: str choices: de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-fr-azerty, fr-ch-qwertz, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty, failsafe
- show_status_window - Enable/disable showing of status window. type: str choices: enable, disable
- sso - Single Sign-On. type: str choices: disable, static, auto
- sso_credential - Single sign-on credentials. type: str choices: sslvpn-login, alternative
- sso_credential_sent_once - Single sign-on credentials are only sent once to remote server. type: str choices: enable, disable
- sso_password - SSO password. type: str
- sso_username - SSO user name. type: str
- url - URL parameter. type: str
- name - Group name. Source user.group.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSL VPN user group bookmark.
fortios_vpn_ssl_web_user_group_bookmark:
vdom: "{{ vdom }}"
state: "present"
vpn_ssl_web_user_group_bookmark:
bookmarks:
-
additional_params: "<your_own_value>"
apptype: "citrix"
description: "<your_own_value>"
folder: "<your_own_value>"
form_data:
-
name: "default_name_9"
value: "<your_own_value>"
host: "<your_own_value>"
listening_port: "12"
load_balancing_info: "<your_own_value>"
logon_password: "<your_own_value>"
logon_user: "<your_own_value>"
name: "default_name_16"
port: "17"
preconnection_blob: "<your_own_value>"
preconnection_id: "19"
remote_port: "20"
security: "rdp"
server_layout: "de-de-qwertz"
show_status_window: "enable"
sso: "disable"
sso_credential: "sslvpn-login"
sso_credential_sent_once: "enable"
sso_password: "<your_own_value>"
sso_username: "<your_own_value>"
url: "myurl.com"
name: "default_name_30 (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_waf_profile – Web application firewall configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify waf feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- waf_profile - Web application firewall configuration. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- address_list - Black address list and white address list. type: dict
- blocked_address - Blocked address. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- blocked_log - Enable/disable logging on blocked addresses. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Status. type: str choices: enable, disable
- trusted_address - Trusted address. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- comment - Comment. type: str
- constraint - WAF HTTP protocol restrictions. type: dict
- content_length - HTTP content length in request. type: dict
- action - Action. type: str choices: allow, block
- length - Length of HTTP content in bytes (0 to 2147483647). type: int
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- exception - HTTP constraint exception. type: list
- address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str
- content_length - HTTP content length in request. type: str choices: enable, disable
- header_length - HTTP header length in request. type: str choices: enable, disable
- hostname - Enable/disable hostname check. type: str choices: enable, disable
- id - Exception ID. type: int required: True
- line_length - HTTP line length in request. type: str choices: enable, disable
- malformed - Enable/disable malformed HTTP request check. type: str choices: enable, disable
- max_cookie - Maximum number of cookies in HTTP request. type: str choices: enable, disable
- max_header_line - Maximum number of HTTP header line. type: str choices: enable, disable
- max_range_segment - Maximum number of range segments in HTTP range line. type: str choices: enable, disable
- max_url_param - Maximum number of parameters in URL. type: str choices: enable, disable
- method - Enable/disable HTTP method check. type: str choices: enable, disable
- param_length - Maximum length of parameter in URL, HTTP POST request or HTTP body. type: str choices: enable, disable
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable
- url_param_length - Maximum length of parameter in URL. type: str choices: enable, disable
- version - Enable/disable HTTP version check. type: str choices: enable, disable
- header_length - HTTP header length in request. type: dict
- action - Action. type: str choices: allow, block
- length - Length of HTTP header in bytes (0 to 2147483647). type: int
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- hostname - Enable/disable hostname check. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- line_length - HTTP line length in request. type: dict
- action - Action. type: str choices: allow, block
- length - Length of HTTP line in bytes (0 to 2147483647). type: int
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- malformed - Enable/disable malformed HTTP request check. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- max_cookie - Maximum number of cookies in HTTP request. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- max_cookie - Maximum number of cookies in HTTP request (0 to 2147483647). type: int
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- max_header_line - Maximum number of HTTP header line. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- max_header_line - Maximum number HTTP header lines (0 to 2147483647). type: int
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- max_range_segment - Maximum number of range segments in HTTP range line. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- max_range_segment - Maximum number of range segments in HTTP range line (0 to 2147483647). type: int
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- max_url_param - Maximum number of parameters in URL. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- max_url_param - Maximum number of parameters in URL (0 to 2147483647). type: int
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- method - Enable/disable HTTP method check. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- param_length - Maximum length of parameter in URL, HTTP POST request or HTTP body. type: dict
- action - Action. type: str choices: allow, block
- length - Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). type: int
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- url_param_length - Maximum length of parameter in URL. type: dict
- action - Action. type: str choices: allow, block
- length - Maximum length of URL parameter in bytes (0 to 2147483647). type: int
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- version - Enable/disable HTTP version check. type: dict
- action - Action. type: str choices: allow, block
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Enable/disable the constraint. type: str choices: enable, disable
- extended_log - Enable/disable extended logging. type: str choices: enable, disable
- external - Disable/Enable external HTTP Inspection. type: str choices: disable, enable
- method - Method restriction. type: dict
- default_allowed_methods - Methods. type: str choices: get, post, put, head, connect, trace, options, delete, others
- log - Enable/disable logging. type: str choices: enable, disable
- method_policy - HTTP method policy. type: list
- address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str
- allowed_methods - Allowed Methods. type: str choices: get, post, put, head, connect, trace, options, delete, others
- id - HTTP method policy ID. type: int required: True
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Status. type: str choices: enable, disable
- name - WAF Profile name. type: str required: True
- signature - WAF signatures. type: dict
- credit_card_detection_threshold - The minimum number of Credit cards to detect violation. type: int
- custom_signature - Custom signature. type: list
- action - Action. type: str choices: allow, block, erase
- case_sensitivity - Case sensitivity in pattern. type: str choices: disable, enable
- direction - Traffic direction. type: str choices: request, response
- log - Enable/disable logging. type: str choices: enable, disable
- name - Signature name. type: str required: True
- pattern - Match pattern. type: str
- severity - Severity. type: str choices: high, medium, low
- status - Status. type: str choices: enable, disable
- target - Match HTTP target. type: str choices: arg, arg-name, req-body, req-cookie, req-cookie-name, req-filename, req-header, req-header-name, req-raw-uri, req-uri, resp-body, resp-hdr, resp-status
- disabled_signature - Disabled signatures type: list
- id - Signature ID. Source waf.signature.id. type: int required: True
- disabled_sub_class - Disabled signature subclasses. type: list
- id - Signature subclass ID. Source waf.sub-class.id. type: int required: True
- main_class - Main signature class. type: list
- action - Action. type: str choices: allow, block, erase
- id - Main signature class ID. Source waf.main-class.id. type: int required: True
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
- status - Status. type: str choices: enable, disable
- url_access - URL access list type: list
- access_pattern - URL access pattern. type: list
- id - URL access pattern ID. type: int required: True
- negate - Enable/disable match negation. type: str choices: enable, disable
- pattern - URL pattern. type: str
- regex - Enable/disable regular expression based pattern match. type: str choices: enable, disable
- srcaddr - Source address. Source firewall.address.name firewall.addrgrp.name. type: str
- action - Action. type: str choices: bypass, permit, block
- address - Host address. Source firewall.address.name firewall.addrgrp.name. type: str
- id - URL access ID. type: int required: True
- log - Enable/disable logging. type: str choices: enable, disable
- severity - Severity. type: str choices: high, medium, low
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Web application firewall configuration.
fortios_waf_profile:
vdom: "{{ vdom }}"
state: "present"
waf_profile:
address_list:
blocked_address:
-
name: "default_name_5 (source firewall.address.name firewall.addrgrp.name)"
blocked_log: "enable"
severity: "high"
status: "enable"
trusted_address:
-
name: "default_name_10 (source firewall.address.name firewall.addrgrp.name)"
comment: "Comment."
constraint:
content_length:
action: "allow"
length: "15"
log: "enable"
severity: "high"
status: "enable"
exception:
-
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
content_length: "enable"
header_length: "enable"
hostname: "enable"
id: "24"
line_length: "enable"
malformed: "enable"
max_cookie: "enable"
max_header_line: "enable"
max_range_segment: "enable"
max_url_param: "enable"
method: "enable"
param_length: "enable"
pattern: "<your_own_value>"
regex: "enable"
url_param_length: "enable"
version: "enable"
header_length:
action: "allow"
length: "39"
log: "enable"
severity: "high"
status: "enable"
hostname:
action: "allow"
log: "enable"
severity: "high"
status: "enable"
line_length:
action: "allow"
length: "50"
log: "enable"
severity: "high"
status: "enable"
malformed:
action: "allow"
log: "enable"
severity: "high"
status: "enable"
max_cookie:
action: "allow"
log: "enable"
max_cookie: "62"
severity: "high"
status: "enable"
max_header_line:
action: "allow"
log: "enable"
max_header_line: "68"
severity: "high"
status: "enable"
max_range_segment:
action: "allow"
log: "enable"
max_range_segment: "74"
severity: "high"
status: "enable"
max_url_param:
action: "allow"
log: "enable"
max_url_param: "80"
severity: "high"
status: "enable"
method:
action: "allow"
log: "enable"
severity: "high"
status: "enable"
param_length:
action: "allow"
length: "90"
log: "enable"
severity: "high"
status: "enable"
url_param_length:
action: "allow"
length: "96"
log: "enable"
severity: "high"
status: "enable"
version:
action: "allow"
log: "enable"
severity: "high"
status: "enable"
extended_log: "enable"
external: "disable"
method:
default_allowed_methods: "get"
log: "enable"
method_policy:
-
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
allowed_methods: "get"
id: "113"
pattern: "<your_own_value>"
regex: "enable"
severity: "high"
status: "enable"
name: "default_name_118"
signature:
credit_card_detection_threshold: "120"
custom_signature:
-
action: "allow"
case_sensitivity: "disable"
direction: "request"
log: "enable"
name: "default_name_126"
pattern: "<your_own_value>"
severity: "high"
status: "enable"
target: "arg"
disabled_signature:
-
id: "132 (source waf.signature.id)"
disabled_sub_class:
-
id: "134 (source waf.sub-class.id)"
main_class:
-
action: "allow"
id: "137 (source waf.main-class.id)"
log: "enable"
severity: "high"
status: "enable"
url_access:
-
access_pattern:
-
id: "143"
negate: "enable"
pattern: "<your_own_value>"
regex: "enable"
srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
action: "bypass"
address: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
id: "150"
log: "enable"
severity: "high"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_auth_group – Configure WAN optimization authentication groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and auth_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wanopt_auth_group - Configure WAN optimization authentication groups. type: dict
- auth_method - Select certificate or pre-shared key authentication for this authentication group. type: str choices: cert, psk
- cert - Name of certificate to identify this peer. Source vpn.certificate.local.name. type: str
- name - Auth-group name. type: str required: True
- peer - If peer-accept is set to one, select the name of one peer to add to this authentication group. The peer must have added with the wanopt peer command. Source wanopt.peer.peer-host-id. type: str
- peer_accept - Determine if this auth group accepts, any peer, a list of defined peers, or just one peer. type: str choices: any, defined, one
- psk - Pre-shared key used by the peers in this authentication group. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN optimization authentication groups.
fortios_wanopt_auth_group:
vdom: "{{ vdom }}"
state: "present"
wanopt_auth_group:
auth_method: "cert"
cert: "<your_own_value> (source vpn.certificate.local.name)"
name: "default_name_5"
peer: "<your_own_value> (source wanopt.peer.peer-host-id)"
peer_accept: "any"
psk: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_cache_service – Designate cache-service for wan-optimization and webcache in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and cache_service category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wanopt_cache_service - Designate cache-service for wan-optimization and webcache. type: dict
- acceptable_connections - Set strategy when accepting cache collaboration connection. type: str choices: any, peers
- collaboration - Enable/disable cache-collaboration between cache-service clusters. type: str choices: enable, disable
- device_id - Set identifier for this cache device. type: str
- dst_peer - Modify cache-service destination peer list. type: list
- auth_type - Set authentication type for this peer. type: int
- device_id - Device ID of this peer. type: str
- encode_type - Set encode type for this peer. type: int
- ip - Set cluster IP address of this peer. type: str
- priority - Set priority for this peer. type: int
- prefer_scenario - Set the preferred cache behavior towards the balance between latency and hit-ratio. type: str choices: balance, prefer-speed, prefer-cache
- src_peer - Modify cache-service source peer list. type: list
- auth_type - Set authentication type for this peer. type: int
- device_id - Device ID of this peer. type: str
- encode_type - Set encode type for this peer. type: int
- ip - Set cluster IP address of this peer. type: str
- priority - Set priority for this peer. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Designate cache-service for wan-optimization and webcache.
fortios_wanopt_cache_service:
vdom: "{{ vdom }}"
wanopt_cache_service:
acceptable_connections: "any"
collaboration: "enable"
device_id: "<your_own_value>"
dst_peer:
-
auth_type: "7"
device_id: "<your_own_value>"
encode_type: "9"
ip: "<your_own_value>"
priority: "11"
prefer_scenario: "balance"
src_peer:
-
auth_type: "14"
device_id: "<your_own_value>"
encode_type: "16"
ip: "<your_own_value>"
priority: "18"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_content_delivery_network_rule – Configure WAN optimization content delivery network rules in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and content_delivery_network_rule category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wanopt_content_delivery_network_rule - Configure WAN optimization content delivery network rules. type: dict
- category - Content delivery network rule category. type: str choices: vcache, youtube
- comment - Comment about this CDN-rule. type: str
- host_domain_name_suffix - Suffix portion of the fully qualified domain name (eg. fortinet.com in "www.fortinet.com"). type: list
- name - Suffix portion of the fully qualified domain name. type: str required: True
- name - Name of table. type: str required: True
- request_cache_control - Enable/disable HTTP request cache control. type: str choices: enable, disable
- response_cache_control - Enable/disable HTTP response cache control. type: str choices: enable, disable
- response_expires - Enable/disable HTTP response cache expires. type: str choices: enable, disable
- rules - WAN optimization content delivery network rule entries. type: list
- content_id - Content ID settings. type: dict
- end_direction - Search direction from end-str match. type: str choices: forward, backward
- end_skip - Number of characters in URL to skip after end-str has been matched. type: int
- end_str - String from which to end search. type: str
- range_str - Name of content ID within the start string and end string. type: str
- start_direction - Search direction from start-str match. type: str choices: forward, backward
- start_skip - Number of characters in URL to skip after start-str has been matched. type: int
- start_str - String from which to start search. type: str
- target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id, hls-manifest, dash-manifest, hls-fragment, dash-fragment
- match_entries - List of entries to match. type: list
- id - Rule ID. type: int required: True
- pattern - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). type: list
- string - Pattern strings. type: str required: True
- target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id
- match_mode - Match criteria for collecting content ID. type: str choices: all, any
- name - WAN optimization content delivery network rule name. type: str required: True
- skip_entries - List of entries to skip. type: list
- id - Rule ID. type: int required: True
- pattern - Pattern string for matching target (Referrer or URL pattern, eg. "a", "a*c", "*a*", "a*c*e", and "*"). type: list
- string - Pattern strings. type: str required: True
- target - Option in HTTP header or URL parameter to match. type: str choices: path, parameter, referrer, youtube-map, youtube-id, youku-id
- skip_rule_mode - Skip mode when evaluating skip-rules. type: str choices: all, any
- status - Enable/disable WAN optimization content delivery network rules. type: str choices: enable, disable
- text_response_vcache - Enable/disable caching of text responses. type: str choices: enable, disable
- updateserver - Enable/disable update server. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN optimization content delivery network rules.
fortios_wanopt_content_delivery_network_rule:
vdom: "{{ vdom }}"
state: "present"
wanopt_content_delivery_network_rule:
category: "vcache"
comment: "Comment about this CDN-rule."
host_domain_name_suffix:
-
name: "default_name_6"
name: "default_name_7"
request_cache_control: "enable"
response_cache_control: "enable"
response_expires: "enable"
rules:
-
content_id:
end_direction: "forward"
end_skip: "14"
end_str: "<your_own_value>"
range_str: "<your_own_value>"
start_direction: "forward"
start_skip: "18"
start_str: "<your_own_value>"
target: "path"
match_entries:
-
id: "22"
pattern:
-
string: "<your_own_value>"
target: "path"
match_mode: "all"
name: "default_name_27"
skip_entries:
-
id: "29"
pattern:
-
string: "<your_own_value>"
target: "path"
skip_rule_mode: "all"
status: "enable"
text_response_vcache: "enable"
updateserver: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_peer – Configure WAN optimization peers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and peer category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wanopt_peer - Configure WAN optimization peers. type: dict
- ip - Peer IP address. type: str
- peer_host_id - Peer host ID. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN optimization peers.
fortios_wanopt_peer:
vdom: "{{ vdom }}"
state: "present"
wanopt_peer:
ip: "<your_own_value>"
peer_host_id: "myhostname"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_profile – Configure WAN optimization profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wanopt_profile - Configure WAN optimization profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- auth_group - Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. Source wanopt.auth-group.name. type: str
- cifs - Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features. type: dict
- byte_caching - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable
- log_traffic - Enable/disable logging. type: str choices: enable, disable
- port - Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int
- prefer_chunking - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. type: str choices: dynamic, fix
- secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable
- status - Enable/disable HTTP WAN Optimization. type: str choices: enable, disable
- tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: private, shared, express-shared
- comments - Comment. type: str
- ftp - Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features. type: dict
- byte_caching - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable
- log_traffic - Enable/disable logging. type: str choices: enable, disable
- port - Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int
- prefer_chunking - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. type: str choices: dynamic, fix
- secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable
- status - Enable/disable HTTP WAN Optimization. type: str choices: enable, disable
- tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: private, shared, express-shared
- http - Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features. type: dict
- byte_caching - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable
- log_traffic - Enable/disable logging. type: str choices: enable, disable
- port - Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int
- prefer_chunking - Select dynamic or fixed-size data chunking for HTTP WAN Optimization. type: str choices: dynamic, fix
- secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable
- ssl - Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel. type: str choices: enable, disable
- ssl_port - Port on which to expect HTTPS traffic for SSL/TLS offloading. type: int
- status - Enable/disable HTTP WAN Optimization. type: str choices: enable, disable
- tunnel_non_http - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. type: str choices: enable, disable
- tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: private, shared, express-shared
- unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, tunnel, best-effort
- mapi - Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features. type: dict
- byte_caching - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable
- log_traffic - Enable/disable logging. type: str choices: enable, disable
- port - Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: int
- secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable
- status - Enable/disable HTTP WAN Optimization. type: str choices: enable, disable
- tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: private, shared, express-shared
- name - Profile name. type: str required: True
- tcp - Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features. type: dict
- byte_caching - Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache. type: str choices: enable, disable
- byte_caching_opt - Select whether TCP byte-caching uses system memory only or both memory and disk space. type: str choices: mem-only, mem-disk
- log_traffic - Enable/disable logging. type: str choices: enable, disable
- port - Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. type: str
- secure_tunnel - Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810). type: str choices: enable, disable
- ssl - Enable/disable SSL/TLS offloading. type: str choices: enable, disable
- ssl_port - Port on which to expect HTTPS traffic for SSL/TLS offloading. type: int
- status - Enable/disable HTTP WAN Optimization. type: str choices: enable, disable
- tunnel_sharing - Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols. type: str choices: private, shared, express-shared
- transparent - Enable/disable transparent mode. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN optimization profiles.
fortios_wanopt_profile:
vdom: "{{ vdom }}"
state: "present"
wanopt_profile:
auth_group: "<your_own_value> (source wanopt.auth-group.name)"
cifs:
byte_caching: "enable"
log_traffic: "enable"
port: "7"
prefer_chunking: "dynamic"
secure_tunnel: "enable"
status: "enable"
tunnel_sharing: "private"
comments: "<your_own_value>"
ftp:
byte_caching: "enable"
log_traffic: "enable"
port: "16"
prefer_chunking: "dynamic"
secure_tunnel: "enable"
status: "enable"
tunnel_sharing: "private"
http:
byte_caching: "enable"
log_traffic: "enable"
port: "24"
prefer_chunking: "dynamic"
secure_tunnel: "enable"
ssl: "enable"
ssl_port: "28"
status: "enable"
tunnel_non_http: "enable"
tunnel_sharing: "private"
unknown_http_version: "reject"
mapi:
byte_caching: "enable"
log_traffic: "enable"
port: "36"
secure_tunnel: "enable"
status: "enable"
tunnel_sharing: "private"
name: "default_name_40"
tcp:
byte_caching: "enable"
byte_caching_opt: "mem-only"
log_traffic: "enable"
port: "<your_own_value>"
secure_tunnel: "enable"
ssl: "enable"
ssl_port: "48"
status: "enable"
tunnel_sharing: "private"
transparent: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_remote_storage – Configure a remote cache device as Web cache storage in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and remote_storage category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wanopt_remote_storage - Configure a remote cache device as Web cache storage. type: dict
- local_cache_id - ID that this device uses to connect to the remote device. type: str
- remote_cache_id - ID of the remote device to which the device connects. type: str
- remote_cache_ip - IP address of the remote device to which the device connects. type: str
- status - Enable/disable using remote device as Web cache storage. type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure a remote cache device as Web cache storage.
fortios_wanopt_remote_storage:
vdom: "{{ vdom }}"
wanopt_remote_storage:
local_cache_id: "<your_own_value>"
remote_cache_id: "<your_own_value>"
remote_cache_ip: "<your_own_value>"
status: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_settings – Configure WAN optimization settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and settings category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wanopt_settings - Configure WAN optimization settings. type: dict
- auto_detect_algorithm - Auto detection algorithms used in tunnel negotiations. type: str choices: simple, diff-req-resp
- host_id - Local host ID (must also be entered in the remote FortiGate"s peer list). type: str
- tunnel_ssl_algorithm - Relative strength of encryption algorithms accepted during tunnel negotiation. type: str choices: high, medium, low
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN optimization settings.
fortios_wanopt_settings:
vdom: "{{ vdom }}"
wanopt_settings:
auto_detect_algorithm: "simple"
host_id: "myhostname"
tunnel_ssl_algorithm: "high"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wanopt_webcache – Configure global Web cache settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wanopt feature and webcache category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wanopt_webcache - Configure global Web cache settings. type: dict
- always_revalidate - Enable/disable revalidation of requested cached objects, which have content on the server, before serving it to the client. type: str choices: enable, disable
- cache_by_default - Enable/disable caching content that lacks explicit caching policies from the server. type: str choices: enable, disable
- cache_cookie - Enable/disable caching cookies. Since cookies contain information for or about individual users, they not usually cached. type: str choices: enable, disable
- cache_expired - Enable/disable caching type-1 objects that are already expired on arrival. type: str choices: enable, disable
- default_ttl - Default object expiry time . This only applies to those objects that do not have an expiry time set by the web server. type: int
- external - Enable/disable external Web caching. type: str choices: enable, disable
- fresh_factor - Frequency that the server is checked to see if any objects have expired (1 - 100). The higher the fresh factor, the less often the checks occur. type: int
- host_validate - Enable/disable validating "Host:" with original server IP. type: str choices: enable, disable
- ignore_conditional - Enable/disable controlling the behavior of cache-control HTTP 1.1 header values. type: str choices: enable, disable
- ignore_ie_reload - Enable/disable ignoring the PNC-interpretation of Internet Explorer"s Accept: / header. type: str choices: enable, disable
- ignore_ims - Enable/disable ignoring the if-modified-since (IMS) header. type: str choices: enable, disable
- ignore_pnc - Enable/disable ignoring the pragma no-cache (PNC) header. type: str choices: enable, disable
- max_object_size - Maximum cacheable object size in kB (1 - 2147483 kb (2GB). All objects that exceed this are delivered to the client but not stored in the web cache. type: int
- max_ttl - Maximum time an object can stay in the web cache without checking to see if it has expired on the server . type: int
- min_ttl - Minimum time an object can stay in the web cache without checking to see if it has expired on the server . type: int
- neg_resp_time - Time in minutes to cache negative responses or errors (0 - 4294967295). type: int
- reval_pnc - Enable/disable revalidation of pragma-no-cache (PNC) to address bandwidth concerns. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global Web cache settings.
fortios_wanopt_webcache:
vdom: "{{ vdom }}"
wanopt_webcache:
always_revalidate: "enable"
cache_by_default: "enable"
cache_cookie: "enable"
cache_expired: "enable"
default_ttl: "7"
external: "enable"
fresh_factor: "9"
host_validate: "enable"
ignore_conditional: "enable"
ignore_ie_reload: "enable"
ignore_ims: "enable"
ignore_pnc: "enable"
max_object_size: "15"
max_ttl: "16"
min_ttl: "17"
neg_resp_time: "18"
reval_pnc: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_debug_url – Configure debug URL addresses in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and debug_url category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- web_proxy_debug_url - Configure debug URL addresses. type: dict
- exact - Enable/disable matching the exact path. type: str choices: enable, disable
- name - Debug URL name. type: str required: True
- status - Enable/disable this URL exemption. type: str choices: enable, disable
- url_pattern - URL exemption pattern. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure debug URL addresses.
fortios_web_proxy_debug_url:
vdom: "{{ vdom }}"
state: "present"
web_proxy_debug_url:
exact: "enable"
name: "default_name_4"
status: "enable"
url_pattern: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_explicit – Configure explicit Web proxy settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and explicit category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- web_proxy_explicit - Configure explicit Web proxy settings. type: dict
- ftp_incoming_port - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535). type: str
- ftp_over_http - Enable to proxy FTP-over-HTTP sessions sent from a web browser. type: str choices: enable, disable
- http_incoming_port - Accept incoming HTTP requests on one or more ports (0 - 65535). type: str
- https_incoming_port - Accept incoming HTTPS requests on one or more ports (0 - 65535). type: str
- https_replacement_message - Enable/disable sending the client a replacement message for HTTPS requests. type: str choices: enable, disable
- incoming_ip - Restrict the explicit HTTP proxy to only accept sessions from this IP address. An interface must have this IP address. type: str
- incoming_ip6 - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. type: str
- ipv6_status - Enable/disable allowing an IPv6 web proxy destination in policies and all IPv6 related entries in this command. type: str choices: enable, disable
- message_upon_server_error - Enable/disable displaying a replacement message when a server error is detected. type: str choices: enable, disable
- outgoing_ip - Outgoing HTTP requests will have this IP address as their source address. An interface must have this IP address. type: str
- outgoing_ip6 - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. type: str
- pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str
- pac_file_name - Pac file name. type: str
- pac_file_server_port - Port number that PAC traffic from client web browsers uses to connect to the explicit web proxy (0 - 65535). type: str
- pac_file_server_status - Enable/disable Proxy Auto-Configuration (PAC) for users of this explicit proxy profile. type: str choices: enable, disable
- pac_file_url - PAC file access URL. type: str
- pac_policy - PAC policies. type: list
- comments - Optional comments. type: str
- dstaddr - Destination address objects. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- pac_file_data - PAC file contents enclosed in quotes (maximum of 256K bytes). type: str
- pac_file_name - Pac file name. type: str
- policyid - Policy ID. type: int required: True
- srcaddr - Source address objects. type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name. type: str required: True
- srcaddr6 - Source address6 objects. type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- status - Enable/disable policy. type: str choices: enable, disable
- pref_dns_result - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server . type: str choices: ipv4, ipv6
- realm - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). type: str
- sec_default_action - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. type: str choices: accept, deny
- socks - Enable/disable the SOCKS proxy. type: str choices: enable, disable
- socks_incoming_port - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535). type: str
- ssl_algorithm - Relative strength of encryption algorithms accepted in HTTPS deep scan: high, medium, or low. type: str choices: high, medium, low
- status - Enable/disable the explicit Web proxy for HTTP and HTTPS session. type: str choices: enable, disable
- strict_guest - Enable/disable strict guest user checking by the explicit web proxy. type: str choices: enable, disable
- trace_auth_no_rsp - Enable/disable logging timed-out authentication requests. type: str choices: enable, disable
- unknown_http_version - Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. type: str choices: reject, best-effort
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure explicit Web proxy settings.
fortios_web_proxy_explicit:
vdom: "{{ vdom }}"
web_proxy_explicit:
ftp_incoming_port: "<your_own_value>"
ftp_over_http: "enable"
http_incoming_port: "<your_own_value>"
https_incoming_port: "<your_own_value>"
https_replacement_message: "enable"
incoming_ip: "<your_own_value>"
incoming_ip6: "<your_own_value>"
ipv6_status: "enable"
message_upon_server_error: "enable"
outgoing_ip: "<your_own_value>"
outgoing_ip6: "<your_own_value>"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
pac_file_server_port: "<your_own_value>"
pac_file_server_status: "enable"
pac_file_url: "<your_own_value>"
pac_policy:
-
comments: "<your_own_value>"
dstaddr:
-
name: "default_name_22 (source firewall.address.name firewall.addrgrp.name)"
pac_file_data: "<your_own_value>"
pac_file_name: "<your_own_value>"
policyid: "25"
srcaddr:
-
name: "default_name_27 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
srcaddr6:
-
name: "default_name_29 (source firewall.address6.name firewall.addrgrp6.name)"
status: "enable"
pref_dns_result: "ipv4"
realm: "<your_own_value>"
sec_default_action: "accept"
socks: "enable"
socks_incoming_port: "<your_own_value>"
ssl_algorithm: "high"
status: "enable"
strict_guest: "enable"
trace_auth_no_rsp: "enable"
unknown_http_version: "reject"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_forward_server – Configure forward-server addresses in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and forward_server category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- web_proxy_forward_server - Configure forward-server addresses. type: dict
- addr_type - Address type of the forwarding proxy server: IP or FQDN. type: str choices: ip, fqdn
- comment - Comment. type: str
- fqdn - Forward server Fully Qualified Domain Name (FQDN). type: str
- healthcheck - Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that the forwarding server is operating normally. type: str choices: disable, enable
- ip - Forward proxy server IP address. type: str
- monitor - URL for forward server health check monitoring . type: str
- name - Server name. type: str required: True
- port - Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535). type: int
- server_down_option - Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their destination. type: str choices: block, pass
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure forward-server addresses.
fortios_web_proxy_forward_server:
vdom: "{{ vdom }}"
state: "present"
web_proxy_forward_server:
addr_type: "ip"
comment: "Comment."
fqdn: "<your_own_value>"
healthcheck: "disable"
ip: "<your_own_value>"
monitor: "<your_own_value>"
name: "default_name_9"
port: "10"
server_down_option: "block"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_forward_server_group – Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and forward_server_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- web_proxy_forward_server_group - Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing. type: dict
- affinity - Enable/disable affinity, attaching a source-ip"s traffic to the assigned forwarding server until the forward-server-affinity-timeout is reached (under web-proxy global). type: str choices: enable, disable
- group_down_option - Action to take when all of the servers in the forward server group are down: block sessions until at least one server is back up or pass sessions to their destination. type: str choices: block, pass
- ldb_method - Load balance method: weighted or least-session. type: str choices: weighted, least-session
- name - Configure a forward server group consisting one or multiple forward servers. Supports failover and load balancing. type: str required: True
- server_list - Add web forward servers to a list to form a server group. Optionally assign weights to each server. type: list
- name - Forward server name. Source web-proxy.forward-server.name. type: str required: True
- weight - Optionally assign a weight of the forwarding server for weighted load balancing (1 - 100) type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure a forward server group consisting or multiple forward servers. Supports failover and load balancing.
fortios_web_proxy_forward_server_group:
vdom: "{{ vdom }}"
state: "present"
web_proxy_forward_server_group:
affinity: "enable"
group_down_option: "block"
ldb_method: "weighted"
name: "default_name_6"
server_list:
-
name: "default_name_8 (source web-proxy.forward-server.name)"
weight: "9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_global – Configure Web proxy global settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- web_proxy_global - Configure Web proxy global settings. type: dict
- fast_policy_match - Enable/disable fast matching algorithm for explicit and transparent proxy policy. type: str choices: enable, disable
- forward_proxy_auth - Enable/disable forwarding proxy authentication headers. type: str choices: enable, disable
- forward_server_affinity_timeout - Period of time before the source IP"s traffic is no longer assigned to the forwarding server (6 - 60 min). type: int
- learn_client_ip - Enable/disable learning the client"s IP address from headers. type: str choices: enable, disable
- learn_client_ip_from_header - Learn client IP address from the specified headers. type: str choices: true-client-ip, x-real-ip, x-forwarded-for
- learn_client_ip_srcaddr - Source address name (srcaddr or srcaddr6 must be set). type: list
- name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: True
- learn_client_ip_srcaddr6 - IPv6 Source address name (srcaddr or srcaddr6 must be set). type: list
- name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str required: True
- max_message_length - Maximum length of HTTP message, not including body (16 - 256 Kbytes). type: int
- max_request_length - Maximum length of HTTP request line (2 - 64 Kbytes). type: int
- max_waf_body_cache_length - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes). type: int
- proxy_fqdn - Fully Qualified Domain Name (FQDN) that clients connect to to connect to the explicit web proxy. type: str
- strict_web_check - Enable/disable strict web checking to block web sites that send incorrect headers that don"t conform to HTTP 1.1. type: str choices: enable, disable
- tunnel_non_http - Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. type: str choices: enable, disable
- unknown_http_version - Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. type: str choices: reject, tunnel, best-effort
- webproxy_profile - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. Source web-proxy.profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Web proxy global settings.
fortios_web_proxy_global:
vdom: "{{ vdom }}"
web_proxy_global:
fast_policy_match: "enable"
forward_proxy_auth: "enable"
forward_server_affinity_timeout: "5"
learn_client_ip: "enable"
learn_client_ip_from_header: "true-client-ip"
learn_client_ip_srcaddr:
-
name: "default_name_9 (source firewall.address.name firewall.addrgrp.name)"
learn_client_ip_srcaddr6:
-
name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
max_message_length: "12"
max_request_length: "13"
max_waf_body_cache_length: "14"
proxy_fqdn: "<your_own_value>"
strict_web_check: "enable"
tunnel_non_http: "enable"
unknown_http_version: "reject"
webproxy_profile: "<your_own_value> (source web-proxy.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_profile – Configure web proxy profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- web_proxy_profile - Configure web proxy profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- header_client_ip - Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_front_end_https - Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_via_request - Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_via_response - Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_x_authenticated_groups - Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_x_authenticated_user - Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- header_x_forwarded_for - Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header. type: str choices: pass, add, remove
- headers - Configure HTTP forwarded requests headers. type: list
- action - Action when HTTP the header forwarded. type: str choices: add-to-request, add-to-response, remove-from-request, remove-from-response
- content - HTTP header"s content. type: str
- id - HTTP forwarded header id. type: int required: True
- name - HTTP forwarded header name. type: str
- log_header_change - Enable/disable logging HTTP header changes. type: str choices: enable, disable
- name - Profile name. type: str required: True
- strip_encoding - Enable/disable stripping unsupported encoding from the request header. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure web proxy profiles.
fortios_web_proxy_profile:
vdom: "{{ vdom }}"
state: "present"
web_proxy_profile:
header_client_ip: "pass"
header_front_end_https: "pass"
header_via_request: "pass"
header_via_response: "pass"
header_x_authenticated_groups: "pass"
header_x_authenticated_user: "pass"
header_x_forwarded_for: "pass"
headers:
-
action: "add-to-request"
content: "<your_own_value>"
id: "13"
name: "default_name_14"
log_header_change: "enable"
name: "default_name_16"
strip_encoding: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_url_match – Exempt URLs from web proxy forwarding and caching in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and url_match category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- web_proxy_url_match - Exempt URLs from web proxy forwarding and caching. type: dict
- cache_exemption - Enable/disable exempting this URL pattern from caching. type: str choices: enable, disable
- comment - Comment. type: str
- forward_server - Forward server name. Source web-proxy.forward-server.name web-proxy.forward-server-group.name. type: str
- name - Configure a name for the URL to be exempted. type: str required: True
- status - Enable/disable exempting the URLs matching the URL pattern from web proxy forwarding and caching. type: str choices: enable, disable
- url_pattern - URL pattern to be exempted from web proxy forwarding and caching. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Exempt URLs from web proxy forwarding and caching.
fortios_web_proxy_url_match:
vdom: "{{ vdom }}"
state: "present"
web_proxy_url_match:
cache_exemption: "enable"
comment: "Comment."
forward_server: "<your_own_value> (source web-proxy.forward-server.name web-proxy.forward-server-group.name)"
name: "default_name_6"
status: "enable"
url_pattern: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_web_proxy_wisp – Configure Wireless Internet service provider (WISP) servers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify web_proxy feature and wisp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- web_proxy_wisp - Configure Wireless Internet service provider (WISP) servers. type: dict
- comment - Comment. type: str
- max_connections - Maximum number of web proxy WISP connections (4 - 4096). type: int
- name - Server name. type: str required: True
- outgoing_ip - WISP outgoing IP address. type: str
- server_ip - WISP server IP address. type: str
- server_port - WISP server port (1 - 65535). type: int
- timeout - Period of time before WISP requests time out (1 - 15 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Wireless Internet service provider (WISP) servers.
fortios_web_proxy_wisp:
vdom: "{{ vdom }}"
state: "present"
web_proxy_wisp:
comment: "Comment."
max_connections: "4"
name: "default_name_5"
outgoing_ip: "<your_own_value>"
server_ip: "<your_own_value>"
server_port: "8"
timeout: "9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_content – Configure Web filter banned word table in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and content category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_content - Configure Web filter banned word table. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- entries - Configure banned word entries. type: list
- action - Block or exempt word when a match is found. type: str choices: block, exempt
- lang - Language of banned word. type: str choices: western, simch, trach, japanese, korean, french, thai, spanish, cyrillic
- name - Banned word. type: str required: True
- pattern_type - Banned word pattern type: wildcard pattern or Perl regular expression. type: str choices: wildcard, regexp
- score - Score, to be applied every time the word appears on a web page (0 - 4294967295). type: int
- status - Enable/disable banned word. type: str choices: enable, disable
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Web filter banned word table.
fortios_webfilter_content:
vdom: "{{ vdom }}"
state: "present"
webfilter_content:
comment: "Optional comments."
entries:
-
action: "block"
lang: "western"
name: "default_name_7"
pattern_type: "wildcard"
score: "9"
status: "enable"
id: "11"
name: "default_name_12"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_content_header – Configure content types used by Web filter in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and content_header category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_content_header - Configure content types used by Web filter. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- entries - Configure content types used by web filter. type: list
- action - Action to take for this content type. type: str choices: block, allow, exempt
- category - Categories that this content type applies to. type: str
- pattern - Content type (regular expression). type: str required: True
- id - ID. type: int required: True
- name - Name of table. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure content types used by Web filter.
fortios_webfilter_content_header:
vdom: "{{ vdom }}"
state: "present"
webfilter_content_header:
comment: "Optional comments."
entries:
-
action: "block"
category: "<your_own_value>"
pattern: "<your_own_value>"
id: "8"
name: "default_name_9"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_fortiguard – Configure FortiGuard Web Filter service in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and fortiguard category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- webfilter_fortiguard - Configure FortiGuard Web Filter service. type: dict
- cache_mem_percent - Maximum percentage of available memory allocated to caching (1 - 15%). type: int
- cache_mode - Cache entry expiration mode. type: str choices: ttl, db-ver
- cache_prefix_match - Enable/disable prefix matching in the cache. type: str choices: enable, disable
- close_ports - Close ports used for HTTP/HTTPS override authentication and disable user overrides. type: str choices: enable, disable
- ovrd_auth_https - Enable/disable use of HTTPS for override authentication. type: str choices: enable, disable
- ovrd_auth_port - Port to use for FortiGuard Web Filter override authentication. type: int
- ovrd_auth_port_http - Port to use for FortiGuard Web Filter HTTP override authentication type: int
- ovrd_auth_port_https - Port to use for FortiGuard Web Filter HTTPS override authentication. type: int
- ovrd_auth_port_warning - Port to use for FortiGuard Web Filter Warning override authentication. type: int
- request_packet_size_limit - Limit size of URL request packets sent to FortiGuard server (0 for default). type: int
- warn_auth_https - Enable/disable use of HTTPS for warning and authentication. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGuard Web Filter service.
fortios_webfilter_fortiguard:
vdom: "{{ vdom }}"
webfilter_fortiguard:
cache_mem_percent: "3"
cache_mode: "ttl"
cache_prefix_match: "enable"
close_ports: "enable"
ovrd_auth_https: "enable"
ovrd_auth_port: "8"
ovrd_auth_port_http: "9"
ovrd_auth_port_https: "10"
ovrd_auth_port_warning: "11"
request_packet_size_limit: "12"
warn_auth_https: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_ftgd_local_cat – Configure FortiGuard Web Filter local categories in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ftgd_local_cat category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_ftgd_local_cat - Configure FortiGuard Web Filter local categories. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- desc - Local category description. type: str required: True
- id - Local category ID. type: int
- status - Enable/disable the local category. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGuard Web Filter local categories.
fortios_webfilter_ftgd_local_cat:
vdom: "{{ vdom }}"
state: "present"
webfilter_ftgd_local_cat:
desc: "<your_own_value>"
id: "4"
status: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_ftgd_local_rating – Configure local FortiGuard Web Filter local ratings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ftgd_local_rating category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_ftgd_local_rating - Configure local FortiGuard Web Filter local ratings. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- rating - Local rating. type: str
- status - Enable/disable local rating. type: str choices: enable, disable
- url - URL to rate locally. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure local FortiGuard Web Filter local ratings.
fortios_webfilter_ftgd_local_rating:
vdom: "{{ vdom }}"
state: "present"
webfilter_ftgd_local_rating:
rating: "<your_own_value>"
status: "enable"
url: "myurl.com"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_ips_urlfilter_cache_setting – Configure IPS URL filter cache settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_cache_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- webfilter_ips_urlfilter_cache_setting - Configure IPS URL filter cache settings. type: dict
- dns_retry_interval - Retry interval. Refresh DNS faster than TTL to capture multiple IPs for hosts. 0 means use DNS server"s TTL only. type: int
- extended_ttl - Extend time to live beyond reported by DNS. 0 means use DNS server"s TTL type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS URL filter cache settings.
fortios_webfilter_ips_urlfilter_cache_setting:
vdom: "{{ vdom }}"
webfilter_ips_urlfilter_cache_setting:
dns_retry_interval: "3"
extended_ttl: "4"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_ips_urlfilter_setting – Configure IPS URL filter settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- webfilter_ips_urlfilter_setting - Configure IPS URL filter settings. type: dict
- device - Interface for this route. Source system.interface.name. type: str
- distance - Administrative distance (1 - 255) for this route. type: int
- gateway - Gateway IP address for this route. type: str
- geo_filter - Filter based on geographical location. Route will NOT be installed if the resolved IP address belongs to the country in the filter. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS URL filter settings.
fortios_webfilter_ips_urlfilter_setting:
vdom: "{{ vdom }}"
webfilter_ips_urlfilter_setting:
device: "<your_own_value> (source system.interface.name)"
distance: "4"
gateway: "<your_own_value>"
geo_filter: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_ips_urlfilter_setting6 – Configure IPS URL filter settings for IPv6 in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and ips_urlfilter_setting6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- webfilter_ips_urlfilter_setting6 - Configure IPS URL filter settings for IPv6. type: dict
- device - Interface for this route. Source system.interface.name. type: str
- distance - Administrative distance (1 - 255) for this route. type: int
- gateway6 - Gateway IPv6 address for this route. type: str
- geo_filter - Filter based on geographical location. Route will NOT be installed if the resolved IPv6 address belongs to the country in the filter. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IPS URL filter settings for IPv6.
fortios_webfilter_ips_urlfilter_setting6:
vdom: "{{ vdom }}"
webfilter_ips_urlfilter_setting6:
device: "<your_own_value> (source system.interface.name)"
distance: "4"
gateway6: "<your_own_value>"
geo_filter: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_override – Configure FortiGuard Web Filter administrative overrides in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and override category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_override - Configure FortiGuard Web Filter administrative overrides. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- expires - Override expiration date and time, from 5 minutes to 365 from now (format: yyyy/mm/dd hh:mm:ss). type: str
- id - Override rule ID. type: int required: True
- initiator - Initiating user of override (read-only setting). type: str
- ip - IPv4 address which the override applies. type: str
- ip6 - IPv6 address which the override applies. type: str
- new_profile - Name of the new web filter profile used by the override. Source webfilter.profile.name. type: str
- old_profile - Name of the web filter profile which the override applies. Source webfilter.profile.name. type: str
- scope - Override either the specific user, user group, IPv4 address, or IPv6 address. type: str choices: user, user-group, ip, ip6
- status - Enable/disable override rule. type: str choices: enable, disable
- user - Name of the user which the override applies. type: str
- user_group - Specify the user group for which the override applies. Source user.group.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure FortiGuard Web Filter administrative overrides.
fortios_webfilter_override:
vdom: "{{ vdom }}"
state: "present"
webfilter_override:
expires: "<your_own_value>"
id: "4"
initiator: "<your_own_value>"
ip: "<your_own_value>"
ip6: "<your_own_value>"
new_profile: "<your_own_value> (source webfilter.profile.name)"
old_profile: "<your_own_value> (source webfilter.profile.name)"
scope: "user"
status: "enable"
user: "<your_own_value>"
user_group: "<your_own_value> (source user.group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_profile – Configure Web filter profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_profile - Configure Web filter profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- extended_log - Enable/disable extended logging for web filtering. type: str choices: enable, disable
- ftgd_wf - FortiGuard Web Filter settings. type: dict
- exempt_quota - Do not stop quota for these categories. type: str
- filters - FortiGuard filters. type: list
- action - Action to take for matches. type: str choices: block, authenticate, monitor, warning
- auth_usr_grp - Groups with permission to authenticate. type: str
- category - Categories and groups the filter examines. type: int
- id - ID number. type: int required: True
- log - Enable/disable logging. type: str choices: enable, disable
- override_replacemsg - Override replacement message. type: str
- warn_duration - Duration of warnings. type: str
- warning_duration_type - Re-display warning after closing browser or after a timeout. type: str choices: session, timeout
- warning_prompt - Warning prompts in each category or each domain. type: str choices: per-domain, per-category
- max_quota_timeout - Maximum FortiGuard quota used by single page view in seconds (excludes streams). type: int
- options - Options for FortiGuard Web Filter. type: str choices: error-allow, rate-server-ip, connect-request-bypass, ftgd-disable
- ovrd - Allow web filter profile overrides. type: str
- quota - FortiGuard traffic quota settings. type: list
- category - FortiGuard categories to apply quota to (category action must be set to monitor). type: str
- duration - Duration of quota. type: str
- id - ID number. type: int required: True
- override_replacemsg - Override replacement message. type: str
- type - Quota type. type: str choices: time, traffic
- unit - Traffic quota unit of measurement. type: str choices: B, KB, MB, GB
- value - Traffic quota value. type: int
- rate_crl_urls - Enable/disable rating CRL by URL. type: str choices: disable, enable
- rate_css_urls - Enable/disable rating CSS by URL. type: str choices: disable, enable
- rate_image_urls - Enable/disable rating images by URL. type: str choices: disable, enable
- rate_javascript_urls - Enable/disable rating JavaScript by URL. type: str choices: disable, enable
- https_replacemsg - Enable replacement messages for HTTPS. type: str choices: enable, disable
- inspection_mode - Web filtering inspection mode. type: str choices: proxy, flow-based
- log_all_url - Enable/disable logging all URLs visited. type: str choices: enable, disable
- name - Profile name. type: str required: True
- options - Options. type: str choices: activexfilter, cookiefilter, javafilter, block-invalid-url, jscript, js, vbs, unknown, intrinsic, wf-referer, wf-cookie, per-user-bwl
- override - Web Filter override settings. type: dict
- ovrd_cookie - Allow/deny browser-based (cookie) overrides. type: str choices: allow, deny
- ovrd_dur - Override duration. type: str
- ovrd_dur_mode - Override duration mode. type: str choices: constant, ask
- ovrd_scope - Override scope. type: str choices: user, user-group, ip, browser, ask
- ovrd_user_group - User groups with permission to use the override. type: str
- profile - Web filter profile with permission to create overrides. type: list
- name - Web profile. Source webfilter.profile.name. type: str required: True
- profile_attribute - Profile attribute to retrieve from the RADIUS server. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id
- profile_type - Override profile type. type: str choices: list, radius
- ovrd_perm - Permitted override types. type: str choices: bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override
- post_action - Action taken for HTTP POST traffic. type: str choices: normal, block
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
- web - Web content filtering settings. type: dict
- blacklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str choices: enable, disable
- bword_table - Banned word table ID. Source webfilter.content.id. type: int
- bword_threshold - Banned word score threshold. type: int
- content_header_list - Content header list. Source webfilter.content-header.id. type: int
- keyword_match - Search keywords to log when match is found. type: str
- log_search - Enable/disable logging all search phrases. type: str choices: enable, disable
- safe_search - Safe search type. type: str choices: url, header
- urlfilter_table - URL filter table ID. Source webfilter.urlfilter.id. type: int
- whitelist - FortiGuard whitelist settings. type: str choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others
- youtube_restrict - YouTube EDU filter level. type: str choices: none, strict, moderate
- web_content_log - Enable/disable logging logging blocked web content. type: str choices: enable, disable
- web_extended_all_action_log - Enable/disable extended any filter action logging for web filtering. type: str choices: enable, disable
- web_filter_activex_log - Enable/disable logging ActiveX. type: str choices: enable, disable
- web_filter_applet_log - Enable/disable logging Java applets. type: str choices: enable, disable
- web_filter_command_block_log - Enable/disable logging blocked commands. type: str choices: enable, disable
- web_filter_cookie_log - Enable/disable logging cookie filtering. type: str choices: enable, disable
- web_filter_cookie_removal_log - Enable/disable logging blocked cookies. type: str choices: enable, disable
- web_filter_js_log - Enable/disable logging Java scripts. type: str choices: enable, disable
- web_filter_jscript_log - Enable/disable logging JScripts. type: str choices: enable, disable
- web_filter_referer_log - Enable/disable logging referrers. type: str choices: enable, disable
- web_filter_unknown_log - Enable/disable logging unknown scripts. type: str choices: enable, disable
- web_filter_vbs_log - Enable/disable logging VBS scripts. type: str choices: enable, disable
- web_ftgd_err_log - Enable/disable logging rating errors. type: str choices: enable, disable
- web_ftgd_quota_usage - Enable/disable logging daily quota usage. type: str choices: enable, disable
- web_invalid_domain_log - Enable/disable logging invalid domain names. type: str choices: enable, disable
- web_url_log - Enable/disable logging URL filtering. type: str choices: enable, disable
- wisp - Enable/disable web proxy WISP. type: str choices: enable, disable
- wisp_algorithm - WISP server selection algorithm. type: str choices: primary-secondary, round-robin, auto-learning
- wisp_servers - WISP servers. type: list
- name - Server name. Source web-proxy.wisp.name. type: str required: True
- youtube_channel_filter - YouTube channel filter. type: list
- channel_id - YouTube channel ID to be filtered. type: str
- comment - Comment. type: str
- id - ID. type: int required: True
- youtube_channel_status - YouTube channel filter status. type: str choices: disable, blacklist, whitelist
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Web filter profiles.
fortios_webfilter_profile:
vdom: "{{ vdom }}"
state: "present"
webfilter_profile:
comment: "Optional comments."
extended_log: "enable"
ftgd_wf:
exempt_quota: "<your_own_value>"
filters:
-
action: "block"
auth_usr_grp:
-
name: "default_name_10 (source user.group.name)"
category: "11"
id: "12"
log: "enable"
override_replacemsg: "<your_own_value>"
warn_duration: "<your_own_value>"
warning_duration_type: "session"
warning_prompt: "per-domain"
max_quota_timeout: "18"
options: "error-allow"
ovrd: "<your_own_value>"
quota:
-
category: "<your_own_value>"
duration: "<your_own_value>"
id: "24"
override_replacemsg: "<your_own_value>"
type: "time"
unit: "B"
value: "28"
rate_crl_urls: "disable"
rate_css_urls: "disable"
rate_image_urls: "disable"
rate_javascript_urls: "disable"
https_replacemsg: "enable"
inspection_mode: "proxy"
log_all_url: "enable"
name: "default_name_36"
options: "activexfilter"
override:
ovrd_cookie: "allow"
ovrd_dur: "<your_own_value>"
ovrd_dur_mode: "constant"
ovrd_scope: "user"
ovrd_user_group:
-
name: "default_name_44 (source user.group.name)"
profile:
-
name: "default_name_46 (source webfilter.profile.name)"
profile_attribute: "User-Name"
profile_type: "list"
ovrd_perm: "bannedword-override"
post_action: "normal"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
web:
blacklist: "enable"
bword_table: "54 (source webfilter.content.id)"
bword_threshold: "55"
content_header_list: "56 (source webfilter.content-header.id)"
keyword_match:
-
pattern: "<your_own_value>"
log_search: "enable"
safe_search: "url"
urlfilter_table: "61 (source webfilter.urlfilter.id)"
whitelist: "exempt-av"
youtube_restrict: "none"
web_content_log: "enable"
web_extended_all_action_log: "enable"
web_filter_activex_log: "enable"
web_filter_applet_log: "enable"
web_filter_command_block_log: "enable"
web_filter_cookie_log: "enable"
web_filter_cookie_removal_log: "enable"
web_filter_js_log: "enable"
web_filter_jscript_log: "enable"
web_filter_referer_log: "enable"
web_filter_unknown_log: "enable"
web_filter_vbs_log: "enable"
web_ftgd_err_log: "enable"
web_ftgd_quota_usage: "enable"
web_invalid_domain_log: "enable"
web_url_log: "enable"
wisp: "enable"
wisp_algorithm: "primary-secondary"
wisp_servers:
-
name: "default_name_83 (source web-proxy.wisp.name)"
youtube_channel_filter:
-
channel_id: "<your_own_value>"
comment: "Comment."
id: "87"
youtube_channel_status: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_search_engine – Configure web filter search engines in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and search_engine category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_search_engine - Configure web filter search engines. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- charset - Search engine charset. type: str choices: utf-8, gb2312
- hostname - Hostname (regular expression). type: str
- name - Search engine name. type: str required: True
- query - Code used to prefix a query (must end with an equals character). type: str
- safesearch - Safe search method. You can disable safe search, add the safe search string to URLs, or insert a safe search header. type: str choices: disable, url, header
- safesearch_str - Safe search parameter used in the URL. type: str
- url - URL (regular expression). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure web filter search engines.
fortios_webfilter_search_engine:
vdom: "{{ vdom }}"
state: "present"
webfilter_search_engine:
charset: "utf-8"
hostname: "myhostname"
name: "default_name_5"
query: "<your_own_value>"
safesearch: "disable"
safesearch_str: "<your_own_value>"
url: "myurl.com"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_webfilter_urlfilter – Configure URL filter lists in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and urlfilter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- webfilter_urlfilter - Configure URL filter lists. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- comment - Optional comments. type: str
- entries - URL filter entries. type: list
- action - Action to take for URL filter matches. type: str choices: exempt, block, allow, monitor
- dns_address_family - Resolve IPv4 address, IPv6 address, or both from DNS server. type: str choices: ipv4, ipv6, both
- exempt - If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space. type: str choices: av, web-content, activex-java-cookie, dlp, fortiguard, range-block, pass, all
- id - Id. type: int required: True
- referrer_host - Referrer host name. type: str
- status - Enable/disable this URL filter. type: str choices: enable, disable
- type - Filter type (simple, regex, or wildcard). type: str choices: simple, regex, wildcard
- url - URL to be filtered. type: str
- web_proxy_profile - Web proxy profile. Source web-proxy.profile.name. type: str
- id - ID. type: int required: True
- ip_addr_block - Enable/disable blocking URLs when the hostname appears as an IP address. type: str choices: enable, disable
- name - Name of URL filter list. type: str
- one_arm_ips_urlfilter - Enable/disable DNS resolver for one-arm IPS URL filter operation. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure URL filter lists.
fortios_webfilter_urlfilter:
vdom: "{{ vdom }}"
state: "present"
webfilter_urlfilter:
comment: "Optional comments."
entries:
-
action: "exempt"
dns_address_family: "ipv4"
exempt: "av"
id: "8"
referrer_host: "myhostname"
status: "enable"
type: "simple"
url: "myurl.com"
web_proxy_profile: "<your_own_value> (source web-proxy.profile.name)"
id: "14"
ip_addr_block: "enable"
name: "default_name_16"
one_arm_ips_urlfilter: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_ap_status – Configure access point status (rogue | accepted | suppressed) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and ap_status category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_ap_status - Configure access point status (rogue | accepted | suppressed). type: dict
- bssid - Access Point"s (AP"s) BSSID. type: str
- id - AP ID. type: int required: True
- ssid - Access Point"s (AP"s) SSID. type: str
- status - Access Point"s (AP"s) status: rogue, accepted, or supressed. type: str choices: rogue, accepted, suppressed
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure access point status (rogue | accepted | suppressed).
fortios_wireless_controller_ap_status:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_ap_status:
bssid: "<your_own_value>"
id: "4"
ssid: "<your_own_value>"
status: "rogue"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_ble_profile – Configure Bluetooth Low Energy profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and ble_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_ble_profile - Configure Bluetooth Low Energy profile. type: dict
- advertising - Advertising type. type: str choices: ibeacon, eddystone-uid, eddystone-url
- beacon_interval - Beacon interval . type: int
- ble_scanning - Enable/disable Bluetooth Low Energy (BLE) scanning. type: str choices: enable, disable
- comment - Comment. type: str
- eddystone_instance - Eddystone instance ID. type: str
- eddystone_namespace - Eddystone namespace ID. type: str
- eddystone_url - Eddystone URL. type: str
- eddystone_url_encode_hex - Eddystone encoded URL hexadecimal string type: str
- ibeacon_uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
- major_id - Major ID. type: int
- minor_id - Minor ID. type: int
- name - Bluetooth Low Energy profile name. type: str required: True
- txpower - Transmit power level . type: str choices: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Bluetooth Low Energy profile.
fortios_wireless_controller_ble_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_ble_profile:
advertising: "ibeacon"
beacon_interval: "4"
ble_scanning: "enable"
comment: "Comment."
eddystone_instance: "<your_own_value>"
eddystone_namespace: "<your_own_value>"
eddystone_url: "<your_own_value>"
eddystone_url_encode_hex: "<your_own_value>"
ibeacon_uuid: "<your_own_value>"
major_id: "12"
minor_id: "13"
name: "default_name_14"
txpower: "0"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_bonjour_profile – Configure Bonjour profiles. Bonjour is Apple’s zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to networks using Bonjour in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and bonjour_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_bonjour_profile - Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to networks using Bonjour. type: dict
- comment - Comment. type: str
- name - Bonjour profile name. type: str required: True
- policy_list - Bonjour policy list. type: list
- description - Description. type: str
- from_vlan - VLAN ID from which the Bonjour service is advertised (0 - 4094). type: str
- policy_id - Policy ID. type: int
- services - Bonjour services for the VLAN connecting to the Bonjour network. type: str choices: all, airplay, afp, bit-torrent, ftp, ichat, itunes, printers, samba, scanners, ssh, chromecast
- to_vlan - VLAN ID to which the Bonjour service is made available (0 - 4094). type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Bonjour profiles. Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connnect to
networks using Bonjour.
fortios_wireless_controller_bonjour_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_bonjour_profile:
comment: "Comment."
name: "default_name_4"
policy_list:
-
description: "<your_own_value>"
from_vlan: "<your_own_value>"
policy_id: "8"
services: "all"
to_vlan: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_global – Configure wireless controller global settings in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wireless_controller_global - Configure wireless controller global settings. type: dict
- ap_log_server - Enable/disable configuring APs or FortiAPs to send log messages to a syslog server . type: str choices: enable, disable
- ap_log_server_ip - IP address that APs or FortiAPs send log messages to. type: str
- ap_log_server_port - Port that APs or FortiAPs send log messages to. type: int
- control_message_offload - Configure CAPWAP control message data channel offload. type: str choices: ebp-frame, aeroscout-tag, ap-list, sta-list, sta-cap-list, stats, aeroscout-mu
- data_ethernet_II - Configure the wireless controller to use Ethernet II or 802.3 frames with 802.3 data tunnel mode . type: str choices: enable, disable
- discovery_mc_addr - Multicast IP address for AP discovery . type: str
- fiapp_eth_type - Ethernet type for Fortinet Inter-Access Point Protocol (IAPP), or IEEE 802.11f, packets (0 - 65535). type: int
- image_download - Enable/disable WTP image download at join time. type: str choices: enable, disable
- ipsec_base_ip - Base IP address for IPsec VPN tunnels between the access points and the wireless controller . type: str
- link_aggregation - Enable/disable calculating the CAPWAP transmit hash to load balance sessions to link aggregation nodes . type: str choices: enable, disable
- location - Description of the location of the wireless controller. type: str
- max_clients - Maximum number of clients that can connect simultaneously . type: int
- max_retransmit - Maximum number of tunnel packet retransmissions (0 - 64). type: int
- mesh_eth_type - Mesh Ethernet identifier included in backhaul packets (0 - 65535). type: int
- name - Name of the wireless controller. type: str
- rogue_scan_mac_adjacency - Maximum numerical difference between an AP"s Ethernet and wireless MAC values to match for rogue detection (0 - 31). type: int
- wtp_share - Enable/disable sharing of WTPs between VDOMs. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure wireless controller global settings.
fortios_wireless_controller_global:
vdom: "{{ vdom }}"
wireless_controller_global:
ap_log_server: "enable"
ap_log_server_ip: "<your_own_value>"
ap_log_server_port: "5"
control_message_offload: "ebp-frame"
data_ethernet_II: "enable"
discovery_mc_addr: "<your_own_value>"
fiapp_eth_type: "9"
image_download: "enable"
ipsec_base_ip: "<your_own_value>"
link_aggregation: "enable"
location: "<your_own_value>"
max_clients: "14"
max_retransmit: "15"
mesh_eth_type: "16"
name: "default_name_17"
rogue_scan_mac_adjacency: "18"
wtp_share: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_3gpp_cellular – Configure 3GPP public land mobile network (PLMN) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_3gpp_cellular category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_3gpp_cellular - Configure 3GPP public land mobile network (PLMN). type: dict
- mcc_mnc_list - Mobile Country Code and Mobile Network Code configuration. type: list
- id - ID. type: int required: True
- mcc - Mobile country code. type: str
- mnc - Mobile network code. type: str
- name - 3GPP PLMN name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure 3GPP public land mobile network (PLMN).
fortios_wireless_controller_hotspot20_anqp_3gpp_cellular:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_3gpp_cellular:
mcc_mnc_list:
-
id: "4"
mcc: "<your_own_value>"
mnc: "<your_own_value>"
name: "default_name_7"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_ip_address_type – Configure IP address type availability in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_ip_address_type category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_ip_address_type - Configure IP address type availability. type: dict
- ipv4_address_type - IPv4 address type. type: str choices: not-available, public, port-restricted, single-NATed-private, double-NATed-private, port-restricted-and-single-NATed, port-restricted-and-double-NATed, not-known
- ipv6_address_type - IPv6 address type. type: str choices: not-available, available, not-known
- name - IP type name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure IP address type availability.
fortios_wireless_controller_hotspot20_anqp_ip_address_type:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_ip_address_type:
ipv4_address_type: "not-available"
ipv6_address_type: "not-available"
name: "default_name_5"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_nai_realm – Configure network access identifier (NAI) realm in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_nai_realm category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_nai_realm - Configure network access identifier (NAI) realm. type: dict
- nai_list - NAI list. type: list
- eap_method - EAP Methods. type: list
- auth_param - EAP auth param. type: str
- index - EAP method index. type: int required: True
- method - EAP method type. type: str choices: eap-identity, eap-md5, eap-tls, eap-ttls, eap-peap, eap-sim, eap-aka, eap-aka-prime
- encoding - Enable/disable format in accordance with IETF RFC 4282. type: str choices: disable, enable
- nai_realm - Configure NAI realms (delimited by a semi-colon character). type: str
- name - NAI realm name. type: str required: True
- name - NAI realm list name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure network access identifier (NAI) realm.
fortios_wireless_controller_hotspot20_anqp_nai_realm:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_nai_realm:
nai_list:
-
eap_method:
-
auth_param:
-
id: "6"
index: "7"
val: "eap-identity"
index: "9"
method: "eap-identity"
encoding: "disable"
nai_realm: "<your_own_value>"
name: "default_name_13"
name: "default_name_14"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_network_auth_type – Configure network authentication type in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_network_auth_type category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_network_auth_type - Configure network authentication type. type: dict
- auth_type - Network authentication type. type: str choices: acceptance-of-terms, online-enrollment, http-redirection, dns-redirection
- name - Authentication type name. type: str required: True
- url - Redirect URL. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure network authentication type.
fortios_wireless_controller_hotspot20_anqp_network_auth_type:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_network_auth_type:
auth_type: "acceptance-of-terms"
name: "default_name_4"
url: "myurl.com"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_roaming_consortium – Configure roaming consortium in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_roaming_consortium category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_roaming_consortium - Configure roaming consortium. type: dict
- name - Roaming consortium name. type: str required: True
- oi_list - Organization identifier list. type: list
- comment - Comment. type: str
- index - OI index. type: int required: True
- oi - Organization identifier. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure roaming consortium.
fortios_wireless_controller_hotspot20_anqp_roaming_consortium:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_roaming_consortium:
name: "default_name_3"
oi_list:
-
comment: "Comment."
index: "6"
oi: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_anqp_venue_name – Configure venue name duple in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and anqp_venue_name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_anqp_venue_name - Configure venue name duple. type: dict
- name - Name of venue name duple. type: str required: True
- value_list - Name list. type: list
- index - Value index. type: int required: True
- lang - Language code. type: str
- value - Venue name value. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure venue name duple.
fortios_wireless_controller_hotspot20_anqp_venue_name:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_anqp_venue_name:
name: "default_name_3"
value_list:
-
index: "5"
lang: "<your_own_value>"
value: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_h2qp_conn_capability – Configure connection capability in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_conn_capability category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_h2qp_conn_capability - Configure connection capability. type: dict
- esp_port - Set ESP port service (used by IPsec VPNs) status. type: str choices: closed, open, unknown
- ftp_port - Set FTP port service status. type: str choices: closed, open, unknown
- http_port - Set HTTP port service status. type: str choices: closed, open, unknown
- icmp_port - Set ICMP port service status. type: str choices: closed, open, unknown
- ikev2_port - Set IKEv2 port service for IPsec VPN status. type: str choices: closed, open, unknown
- ikev2_xx_port - Set UDP port 4500 (which may be used by IKEv2 for IPsec VPN) service status. type: str choices: closed, open, unknown
- name - Connection capability name. type: str required: True
- pptp_vpn_port - Set Point to Point Tunneling Protocol (PPTP) VPN port service status. type: str choices: closed, open, unknown
- ssh_port - Set SSH port service status. type: str choices: closed, open, unknown
- tls_port - Set TLS VPN (HTTPS) port service status. type: str choices: closed, open, unknown
- voip_tcp_port - Set VoIP TCP port service status. type: str choices: closed, open, unknown
- voip_udp_port - Set VoIP UDP port service status. type: str choices: closed, open, unknown
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure connection capability.
fortios_wireless_controller_hotspot20_h2qp_conn_capability:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_h2qp_conn_capability:
esp_port: "closed"
ftp_port: "closed"
http_port: "closed"
icmp_port: "closed"
ikev2_port: "closed"
ikev2_xx_port: "closed"
name: "default_name_9"
pptp_vpn_port: "closed"
ssh_port: "closed"
tls_port: "closed"
voip_tcp_port: "closed"
voip_udp_port: "closed"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_h2qp_operator_name – Configure operator friendly name in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_operator_name category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_h2qp_operator_name - Configure operator friendly name. type: dict
- name - Friendly name ID. type: str required: True
- value_list - Name list. type: list
- index - Value index. type: int required: True
- lang - Language code. type: str
- value - Friendly name value. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure operator friendly name.
fortios_wireless_controller_hotspot20_h2qp_operator_name:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_h2qp_operator_name:
name: "default_name_3"
value_list:
-
index: "5"
lang: "<your_own_value>"
value: "<your_own_value>"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_h2qp_osu_provider – Configure online sign up (OSU) provider list in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_osu_provider category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_h2qp_osu_provider - Configure online sign up (OSU) provider list. type: dict
- friendly_name - OSU provider friendly name. type: list
- friendly_name - OSU provider friendly name. type: str
- index - OSU provider friendly name index. type: int required: True
- lang - Language code. type: str
- icon - OSU provider icon. Source wireless-controller.hotspot20.icon.name. type: str
- name - OSU provider ID. type: str required: True
- osu_method - OSU method list. type: str choices: oma-dm, soap-xml-spp, reserved
- osu_nai - OSU NAI. type: str
- server_uri - Server URI. type: str
- service_description - OSU service name. type: list
- lang - Language code. type: str
- service_description - Service description. type: str
- service_id - OSU service ID. type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure online sign up (OSU) provider list.
fortios_wireless_controller_hotspot20_h2qp_osu_provider:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_h2qp_osu_provider:
friendly_name:
-
friendly_name: "<your_own_value>"
index: "5"
lang: "<your_own_value>"
icon: "<your_own_value> (source wireless-controller.hotspot20.icon.name)"
name: "default_name_8"
osu_method: "oma-dm"
osu_nai: "<your_own_value>"
server_uri: "<your_own_value>"
service_description:
-
lang: "<your_own_value>"
service_description: "<your_own_value>"
service_id: "15"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_h2qp_wan_metric – Configure WAN metrics in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and h2qp_wan_metric category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_h2qp_wan_metric - Configure WAN metrics. type: dict
- downlink_load - Downlink load. type: int
- downlink_speed - Downlink speed (in kilobits/s). type: int
- link_at_capacity - Link at capacity. type: str choices: enable, disable
- link_status - Link status. type: str choices: up, down, in-test
- load_measurement_duration - Load measurement duration (in tenths of a second). type: int
- name - WAN metric name. type: str required: True
- symmetric_wan_link - WAN link symmetry. type: str choices: symmetric, asymmetric
- uplink_load - Uplink load. type: int
- uplink_speed - Uplink speed (in kilobits/s). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WAN metrics.
fortios_wireless_controller_hotspot20_h2qp_wan_metric:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_h2qp_wan_metric:
downlink_load: "3"
downlink_speed: "4"
link_at_capacity: "enable"
link_status: "up"
load_measurement_duration: "7"
name: "default_name_8"
symmetric_wan_link: "symmetric"
uplink_load: "10"
uplink_speed: "11"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_hs_profile – Configure hotspot profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and hs_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_hs_profile - Configure hotspot profile. type: dict
- plmn_3gpp - 3GPP PLMN name. Source wireless-controller.hotspot20.anqp-3gpp-cellular.name. type: str
- access_network_asra - Enable/disable additional step required for access (ASRA). type: str choices: enable, disable
- access_network_esr - Enable/disable emergency services reachable (ESR). type: str choices: enable, disable
- access_network_internet - Enable/disable connectivity to the Internet. type: str choices: enable, disable
- access_network_type - Access network type. type: str choices: private-network, private-network-with-guest-access, chargeable-public-network, free-public-network, personal-device-network, emergency-services-only-network, test-or-experimental, wildcard
- access_network_uesa - Enable/disable unauthenticated emergency service accessible (UESA). type: str choices: enable, disable
- anqp_domain_id - ANQP Domain ID (0-65535). type: int
- bss_transition - Enable/disable basic service set (BSS) transition Support. type: str choices: enable, disable
- conn_cap - Connection capability name. Source wireless-controller.hotspot20.h2qp-conn-capability.name. type: str
- deauth_request_timeout - Deauthentication request timeout (in seconds). type: int
- dgaf - Enable/disable downstream group-addressed forwarding (DGAF). type: str choices: enable, disable
- domain_name - Domain name. type: str
- gas_comeback_delay - GAS comeback delay (0 or 100 - 4000 milliseconds). type: int
- gas_fragmentation_limit - GAS fragmentation limit (512 - 4096). type: int
- hessid - Homogeneous extended service set identifier (HESSID). type: str
- ip_addr_type - IP address type name. Source wireless-controller.hotspot20.anqp-ip-address-type.name. type: str
- l2tif - Enable/disable Layer 2 traffic inspection and filtering. type: str choices: enable, disable
- nai_realm - NAI realm list name. Source wireless-controller.hotspot20.anqp-nai-realm.name. type: str
- name - Hotspot profile name. type: str required: True
- network_auth - Network authentication name. Source wireless-controller.hotspot20.anqp-network-auth-type.name. type: str
- oper_friendly_name - Operator friendly name. Source wireless-controller.hotspot20.h2qp-operator-name.name. type: str
- osu_provider - Manually selected list of OSU provider(s). type: list
- name - OSU provider name. Source wireless-controller.hotspot20.h2qp-osu-provider.name. type: str required: True
- osu_ssid - Online sign up (OSU) SSID. type: str
- pame_bi - Enable/disable Pre-Association Message Exchange BSSID Independent (PAME-BI). type: str choices: disable, enable
- proxy_arp - Enable/disable Proxy ARP. type: str choices: enable, disable
- qos_map - QoS MAP set ID. Source wireless-controller.hotspot20.qos-map.name. type: str
- roaming_consortium - Roaming consortium list name. Source wireless-controller.hotspot20.anqp-roaming-consortium.name. type: str
- venue_group - Venue group. type: str choices: unspecified, assembly, business, educational, factory, institutional, mercantile, residential, storage, utility, vehicular, outdoor
- venue_name - Venue name. Source wireless-controller.hotspot20.anqp-venue-name.name. type: str
- venue_type - Venue type. type: str choices: unspecified, arena, stadium, passenger-terminal, amphitheater, amusement-park, place-of-worship, convention-center, library, museum, restaurant, theater, bar, coffee-shop, zoo-or-aquarium, emergency-center, doctor-office, bank, fire-station, police-station, post-office, professional-office, research-facility, attorney-office, primary-school, secondary-school, university-or-college, factory, hospital, long-term-care-facility, rehab-center, group-home, prison-or-jail, retail-store, grocery-market, auto-service-station, shopping-mall, gas-station, private, hotel-or-motel, dormitory, boarding-house, automobile, airplane, bus, ferry, ship-or-boat, train, motor-bike, muni-mesh-network, city-park, rest-area, traffic-control, bus-stop, kiosk
- wan_metrics - WAN metric name. Source wireless-controller.hotspot20.h2qp-wan-metric.name. type: str
- wnm_sleep_mode - Enable/disable wireless network management (WNM) sleep mode. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure hotspot profile.
fortios_wireless_controller_hotspot20_hs_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_hs_profile:
plmn_3gpp: "<your_own_value> (source wireless-controller.hotspot20.anqp-3gpp-cellular.name)"
access_network_asra: "enable"
access_network_esr: "enable"
access_network_internet: "enable"
access_network_type: "private-network"
access_network_uesa: "enable"
anqp_domain_id: "9"
bss_transition: "enable"
conn_cap: "<your_own_value> (source wireless-controller.hotspot20.h2qp-conn-capability.name)"
deauth_request_timeout: "12"
dgaf: "enable"
domain_name: "<your_own_value>"
gas_comeback_delay: "15"
gas_fragmentation_limit: "16"
hessid: "<your_own_value>"
ip_addr_type: "<your_own_value> (source wireless-controller.hotspot20.anqp-ip-address-type.name)"
l2tif: "enable"
nai_realm: "<your_own_value> (source wireless-controller.hotspot20.anqp-nai-realm.name)"
name: "default_name_21"
network_auth: "<your_own_value> (source wireless-controller.hotspot20.anqp-network-auth-type.name)"
oper_friendly_name: "<your_own_value> (source wireless-controller.hotspot20.h2qp-operator-name.name)"
osu_provider:
-
name: "default_name_25 (source wireless-controller.hotspot20.h2qp-osu-provider.name)"
osu_ssid: "<your_own_value>"
pame_bi: "disable"
proxy_arp: "enable"
qos_map: "<your_own_value> (source wireless-controller.hotspot20.qos-map.name)"
roaming_consortium: "<your_own_value> (source wireless-controller.hotspot20.anqp-roaming-consortium.name)"
venue_group: "unspecified"
venue_name: "<your_own_value> (source wireless-controller.hotspot20.anqp-venue-name.name)"
venue_type: "unspecified"
wan_metrics: "<your_own_value> (source wireless-controller.hotspot20.h2qp-wan-metric.name)"
wnm_sleep_mode: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_icon – Configure OSU provider icon in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and icon category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_icon - Configure OSU provider icon. type: dict
- icon_list - Icon list. type: list
- file - Icon file. type: str
- height - Icon height. type: int
- lang - Language code. type: str
- name - Icon name. type: str required: True
- type - Icon type. type: str choices: bmp, gif, jpeg, png, tiff
- width - Icon width. type: int
- name - Icon list ID. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure OSU provider icon.
fortios_wireless_controller_hotspot20_icon:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_icon:
icon_list:
-
file: "<your_own_value>"
height: "5"
lang: "<your_own_value>"
name: "default_name_7"
type: "bmp"
width: "9"
name: "default_name_10"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_hotspot20_qos_map – Configure QoS map set in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller_hotspot20 feature and qos_map category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_hotspot20_qos_map - Configure QoS map set. type: dict
- dscp_except - Differentiated Services Code Point (DSCP) exceptions. type: list
- dscp - DSCP value. type: int
- index - DSCP exception index. type: int required: True
- up - User priority. type: int
- dscp_range - Differentiated Services Code Point (DSCP) ranges. type: list
- high - DSCP high value. type: int
- index - DSCP range index. type: int required: True
- low - DSCP low value. type: int
- up - User priority. type: int
- name - QOS-MAP name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure QoS map set.
fortios_wireless_controller_hotspot20_qos_map:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_hotspot20_qos_map:
dscp_except:
-
dscp: "4"
index: "5"
up: "6"
dscp_range:
-
high: "8"
index: "9"
low: "10"
up: "11"
name: "default_name_12"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_inter_controller – Configure inter wireless controller operation in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and inter_controller category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wireless_controller_inter_controller - Configure inter wireless controller operation. type: dict
- fast_failover_max - Maximum number of retransmissions for fast failover HA messages between peer wireless controllers (3 - 64). type: int
- fast_failover_wait - Minimum wait time before an AP transitions from secondary controller to primary controller (10 - 86400 sec). type: int
- inter_controller_key - Secret key for inter-controller communications. type: str
- inter_controller_mode - Configure inter-controller mode (disable, l2-roaming, 1+1). type: str choices: disable, l2-roaming, 1+1
- inter_controller_peer - Fast failover peer wireless controller list. type: list
- id - ID. type: int required: True
- peer_ip - Peer wireless controller"s IP address. type: str
- peer_port - Port used by the wireless controller"s for inter-controller communications (1024 - 49150). type: int
- peer_priority - Peer wireless controller"s priority (primary or secondary). type: str choices: primary, secondary
- inter_controller_pri - Configure inter-controller"s priority (primary or secondary). type: str choices: primary, secondary
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure inter wireless controller operation.
fortios_wireless_controller_inter_controller:
vdom: "{{ vdom }}"
wireless_controller_inter_controller:
fast_failover_max: "3"
fast_failover_wait: "4"
inter_controller_key: "<your_own_value>"
inter_controller_mode: "disable"
inter_controller_peer:
-
id: "8"
peer_ip: "<your_own_value>"
peer_port: "10"
peer_priority: "primary"
inter_controller_pri: "primary"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_qos_profile – Configure WiFi quality of service (QoS) profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and qos_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_qos_profile - Configure WiFi quality of service (QoS) profiles. type: dict
- bandwidth_admission_control - Enable/disable WMM bandwidth admission control. type: str choices: enable, disable
- bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int
- burst - Enable/disable client rate burst. type: str choices: enable, disable
- call_admission_control - Enable/disable WMM call admission control. type: str choices: enable, disable
- call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones allowed (0 - 60). type: int
- comment - Comment. type: str
- downlink - Maximum downlink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). type: int
- downlink_sta - Maximum downlink bandwidth for clients (0 - 2097152 Kbps). type: int
- dscp_wmm_be - DSCP mapping for best effort access . type: list
- id - DSCP WMM mapping numbers (0 - 63). type: int required: True
- dscp_wmm_bk - DSCP mapping for background access . type: list
- id - DSCP WMM mapping numbers (0 - 63). type: int required: True
- dscp_wmm_mapping - Enable/disable Differentiated Services Code Point (DSCP) mapping. type: str choices: enable, disable
- dscp_wmm_vi - DSCP mapping for video access . type: list
- id - DSCP WMM mapping numbers (0 - 63). type: int required: True
- dscp_wmm_vo - DSCP mapping for voice access . type: list
- id - DSCP WMM mapping numbers (0 - 63). type: int required: True
- name - WiFi QoS profile name. type: str required: True
- uplink - Maximum uplink bandwidth for Virtual Access Points (VAPs) (0 - 2097152 Kbps). type: int
- uplink_sta - Maximum uplink bandwidth for clients (0 - 2097152 Kbps). type: int
- wmm - Enable/disable WiFi multi-media (WMM) control. type: str choices: enable, disable
- wmm_uapsd - Enable/disable WMM Unscheduled Automatic Power Save Delivery (U-APSD) power save mode. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WiFi quality of service (QoS) profiles.
fortios_wireless_controller_qos_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_qos_profile:
bandwidth_admission_control: "enable"
bandwidth_capacity: "4"
burst: "enable"
call_admission_control: "enable"
call_capacity: "7"
comment: "Comment."
downlink: "9"
downlink_sta: "10"
dscp_wmm_be:
-
id: "12"
dscp_wmm_bk:
-
id: "14"
dscp_wmm_mapping: "enable"
dscp_wmm_vi:
-
id: "17"
dscp_wmm_vo:
-
id: "19"
name: "default_name_20"
uplink: "21"
uplink_sta: "22"
wmm: "enable"
wmm_uapsd: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_setting – VDOM wireless controller configuration in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and setting category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wireless_controller_setting - VDOM wireless controller configuration. type: dict
- account_id - FortiCloud customer account ID. type: str
- country - Country or region in which the FortiGate is located. The country determines the 802.11 bands and channels that are available. type: str choices: NA, AL, DZ, AO, AR, AM, AU, AT, AZ, BH, BD, BB, BY, BE, BZ, BO, BA, BR, BN, BG, KH, CL, CN, CO, CR, HR, CY, CZ, DK, DO, EC, EG, SV, EE, FI, FR, GE, DE, GR, GL, GD, GU, GT, HT, HN, HK, HU, IS, IN, ID, IR, IE, IL, IT, JM, JO, KZ, KE, KP, KR, KW, LV, LB, LI, LT, LU, MO, MK, MY, MT, MX, MC, MA, MZ, MM, NP, NL, AN, AW, NZ, False, OM, PK, PA, PG, PY, PE, PH, PL, PT, PR, QA, RO, RU, RW, SA, RS, ME, SG, SK, SI, ZA, ES, LK, SE, SD, CH, SY, TW, TZ, TH, TT, TN, TR, AE, UA, GB, US, PS, UY, UZ, VE, VN, YE, ZB, ZW, JP, CA
- duplicate_ssid - Enable/disable allowing Virtual Access Points (VAPs) to use the same SSID name in the same VDOM. type: str choices: enable, disable
- fapc_compatibility - Enable/disable FAP-C series compatibility. type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: VDOM wireless controller configuration.
fortios_wireless_controller_setting:
vdom: "{{ vdom }}"
wireless_controller_setting:
account_id: "<your_own_value>"
country: "NA"
duplicate_ssid: "enable"
fapc_compatibility: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_timers – Configure CAPWAP timers in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and timers category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- wireless_controller_timers - Configure CAPWAP timers. type: dict
- ble_scan_report_intv - Time between running Bluetooth Low Energy (BLE) reports (10 - 3600 sec). type: int
- client_idle_timeout - Time after which a client is considered idle and times out (20 - 3600 sec). type: int
- darrp_day - Weekday on which to run DARRP optimization. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
- darrp_optimize - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec). type: int
- darrp_time - Time at which DARRP optimizations run (you can add up to 8 times). type: list
- time - Time. type: str required: True
- discovery_interval - Time between discovery requests (2 - 180 sec). type: int
- echo_interval - Time between echo requests sent by the managed WTP, AP, or FortiAP (1 - 255 sec). type: int
- fake_ap_log - Time between recording logs about fake APs if periodic fake AP logging is configured (0 - 1440 min). type: int
- ipsec_intf_cleanup - Time period to keep IPsec VPN interfaces up after WTP sessions are disconnected (30 - 3600 sec). type: int
- radio_stats_interval - Time between running radio reports (1 - 255 sec). type: int
- rogue_ap_log - Time between logging rogue AP messages if periodic rogue AP logging is configured (0 - 1440 min). type: int
- sta_capability_interval - Time between running station capability reports (1 - 255 sec). type: int
- sta_locate_timer - Time between running client presence flushes to remove clients that are listed but no longer present (0 - 86400 sec). type: int
- sta_stats_interval - Time between running client (station) reports (1 - 255 sec). type: int
- vap_stats_interval - Time between running Virtual Access Point (VAP) reports (1 - 255 sec). type: int
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure CAPWAP timers.
fortios_wireless_controller_timers:
vdom: "{{ vdom }}"
wireless_controller_timers:
ble_scan_report_intv: "3"
client_idle_timeout: "4"
darrp_day: "sunday"
darrp_optimize: "6"
darrp_time:
-
time: "<your_own_value>"
discovery_interval: "9"
echo_interval: "10"
fake_ap_log: "11"
ipsec_intf_cleanup: "12"
radio_stats_interval: "13"
rogue_ap_log: "14"
sta_capability_interval: "15"
sta_locate_timer: "16"
sta_stats_interval: "17"
vap_stats_interval: "18"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_utm_profile – Configure UTM (Unified Threat Management) profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and utm_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wireless_controller_utm_profile - Configure UTM (Unified Threat Management) profile. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- antivirus_profile - AntiVirus profile name. Source antivirus.profile.name. type: str
- application_list - Application control list name. Source application.list.name. type: str
- comment - Comment. type: str
- ips_sensor - IPS sensor name. Source ips.sensor.name. type: str
- name - UTM profile name. type: str required: True
- scan_botnet_connections - Block or monitor connections to Botnet servers or disable Botnet scanning. type: str choices: disable, monitor, block
- utm_log - Enable/disable UTM logging. type: str choices: enable, disable
- webfilter_profile - WebFilter profile name. Source webfilter.profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure UTM (Unified Threat Management) profile.
fortios_wireless_controller_utm_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_utm_profile:
antivirus_profile: "<your_own_value> (source antivirus.profile.name)"
application_list: "<your_own_value> (source application.list.name)"
comment: "Comment."
ips_sensor: "<your_own_value> (source ips.sensor.name)"
name: "default_name_7"
scan_botnet_connections: "disable"
utm_log: "enable"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_vap – Configure Virtual Access Points (VAPs) in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wireless_controller_vap - Configure Virtual Access Points (VAPs). type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- acct_interim_interval - WiFi RADIUS accounting interim interval (60 - 86400 sec). type: int
- alias - Alias. type: str
- auth - Authentication protocol. type: str choices: psk, radius, usergroup
- broadcast_ssid - Enable/disable broadcasting the SSID . type: str choices: enable, disable
- broadcast_suppression - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. type: str choices: dhcp-up, dhcp-down, dhcp-starvation, arp-known, arp-unknown, arp-reply, arp-poison, arp-proxy, netbios-ns, netbios-ds, ipv6, all-other-mc, all-other-bc
- captive_portal_ac_name - Local-bridging captive portal ac-name. type: str
- captive_portal_macauth_radius_secret - Secret key to access the macauth RADIUS server. type: str
- captive_portal_macauth_radius_server - Captive portal external RADIUS server domain name or IP address. type: str
- captive_portal_radius_secret - Secret key to access the RADIUS server. type: str
- captive_portal_radius_server - Captive portal RADIUS server domain name or IP address. type: str
- captive_portal_session_timeout_interval - Session timeout interval (0 - 864000 sec). type: int
- dhcp_lease_time - DHCP lease time in seconds for NAT IP address. type: int
- dhcp_option82_circuit_id_insertion - Enable/disable DHCP option 82 circuit-id insert . type: str choices: style-1, style-2, disable
- dhcp_option82_insertion - Enable/disable DHCP option 82 insert . type: str choices: enable, disable
- dhcp_option82_remote_id_insertion - Enable/disable DHCP option 82 remote-id insert . type: str choices: style-1, disable
- dynamic_vlan - Enable/disable dynamic VLAN assignment. type: str choices: enable, disable
- eap_reauth - Enable/disable EAP re-authentication for WPA-Enterprise security. type: str choices: enable, disable
- eap_reauth_intv - EAP re-authentication interval (1800 - 864000 sec). type: int
- eapol_key_retries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) . type: str choices: disable, enable
- encrypt - Encryption protocol to use (only available when security is set to a WPA type). type: str choices: TKIP, AES, TKIP-AES
- external_fast_roaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate . type: str choices: enable, disable
- external_logout - URL of external authentication logout server. type: str
- external_web - URL of external authentication web server. type: str
- fast_bss_transition - Enable/disable 802.11r Fast BSS Transition (FT) . type: str choices: disable, enable
- fast_roaming - Enable/disable fast-roaming, or pre-authentication, where supported by clients . type: str choices: enable, disable
- ft_mobility_domain - Mobility domain identifier in FT (1 - 65535). type: int
- ft_over_ds - Enable/disable FT over the Distribution System (DS). type: str choices: disable, enable
- ft_r0_key_lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes. type: int
- gtk_rekey - Enable/disable GTK rekey for WPA security. type: str choices: enable, disable
- gtk_rekey_intv - GTK rekey interval (1800 - 864000 sec). type: int
- hotspot20_profile - Hotspot 2.0 profile name. type: str
- intra_vap_privacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) . type: str choices: enable, disable
- ip - IP address and subnet mask for the local standalone NAT subnet. type: str
- key - WEP Key. type: str
- keyindex - WEP key index (1 - 4). type: int
- ldpc - VAP low-density parity-check (LDPC) coding configuration. type: str choices: disable, rx, tx, rxtx
- local_authentication - Enable/disable AP local authentication. type: str choices: enable, disable
- local_bridging - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP . type: str choices: enable, disable
- local_lan - Allow/deny traffic destined for a Class A, B, or C private IP address . type: str choices: allow, deny
- local_standalone - Enable/disable AP local standalone . type: str choices: enable, disable
- local_standalone_nat - Enable/disable AP local standalone NAT mode. type: str choices: enable, disable
- mac_auth_bypass - Enable/disable MAC authentication bypass. type: str choices: enable, disable
- mac_filter - Enable/disable MAC filtering to block wireless clients by mac address. type: str choices: enable, disable
- mac_filter_list - Create a list of MAC addresses for MAC address filtering. type: list
- id - ID. type: int required: True
- mac - MAC address. type: str
- mac_filter_policy - Deny or allow the client with this MAC address. type: str choices: allow, deny
- mac_filter_policy_other - Allow or block clients with MAC addresses that are not in the filter list. type: str choices: allow, deny
- max_clients - Maximum number of clients that can connect simultaneously to the VAP . type: int
- max_clients_ap - Maximum number of clients that can connect simultaneously to each radio . type: int
- me_disable_thresh - Disable multicast enhancement when this many clients are receiving multicast traffic. type: int
- mesh_backhaul - Enable/disable using this VAP as a WiFi mesh backhaul . This entry is only available when security is set to a WPA type or open. type: str choices: enable, disable
- mpsk - Enable/disable multiple pre-shared keys (PSKs.) type: str choices: enable, disable
- mpsk_concurrent_clients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. type: int
- mpsk_key - Pre-shared keys that can be used to connect to this virtual access point. type: list
- comment - Comment. type: str
- concurrent_clients - Number of clients that can connect using this pre-shared key. type: str
- key_name - Pre-shared key name. type: str
- passphrase - WPA Pre-shared key. type: str
- multicast_enhance - Enable/disable converting multicast to unicast to improve performance . type: str choices: enable, disable
- multicast_rate - Multicast rate (0, 6000, 12000, or 24000 kbps). type: str choices: 0, 6000, 12000, 24000
- name - Virtual AP name. type: str required: True
- okc - Enable/disable Opportunistic Key Caching (OKC) . type: str choices: disable, enable
- passphrase - WPA pre-shard key (PSK) to be used to authenticate WiFi users. type: str
- pmf - Protected Management Frames (PMF) support . type: str choices: disable, enable, optional
- pmf_assoc_comeback_timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). type: int
- pmf_sa_query_retry_timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). type: int
- portal_message_override_group - Replacement message group for this VAP (only available when security is set to a captive portal type). type: str
- portal_message_overrides - Individual message overrides. type: dict
- auth_disclaimer_page - Override auth-disclaimer-page message with message from portal-message-overrides group. type: str
- auth_login_failed_page - Override auth-login-failed-page message with message from portal-message-overrides group. type: str
- auth_login_page - Override auth-login-page message with message from portal-message-overrides group. type: str
- auth_reject_page - Override auth-reject-page message with message from portal-message-overrides group. type: str
- portal_type - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. type: str choices: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac
- probe_resp_suppression - Enable/disable probe response suppression (to ignore weak signals) . type: str choices: enable, disable
- probe_resp_threshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20). type: str
- ptk_rekey - Enable/disable PTK rekey for WPA-Enterprise security. type: str choices: enable, disable
- ptk_rekey_intv - PTK rekey interval (1800 - 864000 sec). type: int
- qos_profile - Quality of service profile name. type: str
- quarantine - Enable/disable station quarantine . type: str choices: enable, disable
- radio_2g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20). type: str
- radio_5g_threshold - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20). type: str
- radio_sensitivity - Enable/disable software radio sensitivity (to ignore weak signals) . type: str choices: enable, disable
- radius_mac_auth - Enable/disable RADIUS-based MAC authentication of clients . type: str choices: enable, disable
- radius_mac_auth_server - RADIUS-based MAC authentication server. type: str
- radius_mac_auth_usergroups - Selective user groups that are permitted for RADIUS mac authentication. type: list
- name - User group name. type: str required: True
- radius_server - RADIUS server to be used to authenticate WiFi users. type: str
- rates_11a - Allowed data rates for 802.11a. type: str choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic
- rates_11ac_ss12 - Allowed data rates for 802.11ac with 1 or 2 spatial streams. type: str choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2
- rates_11ac_ss34 - Allowed data rates for 802.11ac with 3 or 4 spatial streams. type: str choices: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4
- rates_11bg - Allowed data rates for 802.11b/g. type: str choices: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 11, 11-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic
- rates_11n_ss12 - Allowed data rates for 802.11n with 1 or 2 spatial streams. type: str choices: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2
- rates_11n_ss34 - Allowed data rates for 802.11n with 3 or 4 spatial streams. type: str choices: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4
- schedule - VAP schedule name. type: str
- security - Security mode for the wireless interface . type: str choices: open, captive-portal, wep64, wep128, wpa-personal, wpa-personal+captive-portal, wpa-enterprise, wpa-only-personal, wpa-only-personal+captive-portal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-personal+captive-portal, wpa2-only-enterprise, osen
- security_exempt_list - Optional security exempt list for captive portal authentication. type: str
- security_obsolete_option - Enable/disable obsolete security options. type: str choices: enable, disable
- security_redirect_url - Optional URL for redirecting users after they pass captive portal authentication. type: str
- selected_usergroups - Selective user groups that are permitted to authenticate. type: list
- name - User group name. type: str required: True
- split_tunneling - Enable/disable split tunneling . type: str choices: enable, disable
- ssid - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. type: str
- tkip_counter_measure - Enable/disable TKIP counter measure. type: str choices: enable, disable
- usergroup - Firewall user group to be used to authenticate WiFi users. type: list
- name - User group name. type: str required: True
- utm_profile - UTM profile name. type: str
- vdom - Name of the VDOM that the Virtual AP has been added to. Source system.vdom.name. type: str
- vlan_auto - Enable/disable automatic management of SSID VLAN interface. type: str choices: enable, disable
- vlan_pool - VLAN pool. type: list
- id - ID. type: int required: True
- wtp_group - WTP group name. type: str
- vlan_pooling - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools . When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. type: str choices: wtp-group, round-robin, hash, disable
- vlanid - Optional VLAN ID. type: int
- voice_enterprise - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming . type: str choices: disable, enable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points (VAPs).
fortios_wireless_controller_vap:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_vap:
acct_interim_interval: "3"
alias: "<your_own_value>"
auth: "psk"
broadcast_ssid: "enable"
broadcast_suppression: "dhcp-up"
captive_portal_ac_name: "<your_own_value>"
captive_portal_macauth_radius_secret: "<your_own_value>"
captive_portal_macauth_radius_server: "<your_own_value>"
captive_portal_radius_secret: "<your_own_value>"
captive_portal_radius_server: "<your_own_value>"
captive_portal_session_timeout_interval: "13"
dhcp_lease_time: "14"
dhcp_option82_circuit_id_insertion: "style-1"
dhcp_option82_insertion: "enable"
dhcp_option82_remote_id_insertion: "style-1"
dynamic_vlan: "enable"
eap_reauth: "enable"
eap_reauth_intv: "20"
eapol_key_retries: "disable"
encrypt: "TKIP"
external_fast_roaming: "enable"
external_logout: "<your_own_value>"
external_web: "<your_own_value>"
fast_bss_transition: "disable"
fast_roaming: "enable"
ft_mobility_domain: "28"
ft_over_ds: "disable"
ft_r0_key_lifetime: "30"
gtk_rekey: "enable"
gtk_rekey_intv: "32"
hotspot20_profile: "<your_own_value>"
intra_vap_privacy: "enable"
ip: "<your_own_value>"
key: "<your_own_value>"
keyindex: "37"
ldpc: "disable"
local_authentication: "enable"
local_bridging: "enable"
local_lan: "allow"
local_standalone: "enable"
local_standalone_nat: "enable"
mac_auth_bypass: "enable"
mac_filter: "enable"
mac_filter_list:
-
id: "47"
mac: "<your_own_value>"
mac_filter_policy: "allow"
mac_filter_policy_other: "allow"
max_clients: "51"
max_clients_ap: "52"
me_disable_thresh: "53"
mesh_backhaul: "enable"
mpsk: "enable"
mpsk_concurrent_clients: "56"
mpsk_key:
-
comment: "Comment."
concurrent_clients: "<your_own_value>"
key_name: "<your_own_value>"
passphrase: "<your_own_value>"
multicast_enhance: "enable"
multicast_rate: "0"
name: "default_name_64"
okc: "disable"
passphrase: "<your_own_value>"
pmf: "disable"
pmf_assoc_comeback_timeout: "68"
pmf_sa_query_retry_timeout: "69"
portal_message_override_group: "<your_own_value>"
portal_message_overrides:
auth_disclaimer_page: "<your_own_value>"
auth_login_failed_page: "<your_own_value>"
auth_login_page: "<your_own_value>"
auth_reject_page: "<your_own_value>"
portal_type: "auth"
probe_resp_suppression: "enable"
probe_resp_threshold: "<your_own_value>"
ptk_rekey: "enable"
ptk_rekey_intv: "80"
qos_profile: "<your_own_value>"
quarantine: "enable"
radio_2g_threshold: "<your_own_value>"
radio_5g_threshold: "<your_own_value>"
radio_sensitivity: "enable"
radius_mac_auth: "enable"
radius_mac_auth_server: "<your_own_value>"
radius_mac_auth_usergroups:
-
name: "default_name_89"
radius_server: "<your_own_value>"
rates_11a: "1"
rates_11ac_ss12: "mcs0/1"
rates_11ac_ss34: "mcs0/3"
rates_11bg: "1"
rates_11n_ss12: "mcs0/1"
rates_11n_ss34: "mcs16/3"
schedule: "<your_own_value>"
security: "open"
security_exempt_list: "<your_own_value>"
security_obsolete_option: "enable"
security_redirect_url: "<your_own_value>"
selected_usergroups:
-
name: "default_name_103"
split_tunneling: "enable"
ssid: "<your_own_value>"
tkip_counter_measure: "enable"
usergroup:
-
name: "default_name_108"
utm_profile: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vlan_auto: "enable"
vlan_pool:
-
id: "113"
wtp_group: "<your_own_value>"
vlan_pooling: "wtp-group"
vlanid: "116"
voice_enterprise: "disable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_vap_group – Configure virtual Access Point (VAP) groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and vap_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_vap_group - Configure virtual Access Point (VAP) groups. type: dict
- comment - Comment. type: str
- name - Group Name type: str required: True
- vaps - List of SSIDs to be included in the VAP group. type: list
- name - vap name Source wireless-controller.vap.name. type: str required: True
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure virtual Access Point (VAP) groups.
fortios_wireless_controller_vap_group:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_vap_group:
comment: "Comment."
name: "default_name_4"
vaps:
-
name: "default_name_6 (source wireless-controller.vap.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_wids_profile – Configure wireless intrusion detection system (WIDS) profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wids_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wireless_controller_wids_profile - Configure wireless intrusion detection system (WIDS) profiles. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- ap_auto_suppress - Enable/disable on-wire rogue AP auto-suppression . type: str choices: enable, disable
- ap_bgscan_disable_day - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
- ap_bgscan_disable_end - End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . type: str
- ap_bgscan_disable_start - Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . type: str
- ap_bgscan_duration - Listening time on a scanning channel (10 - 1000 msec). type: int
- ap_bgscan_idle - Waiting time for channel inactivity before scanning this channel (0 - 1000 msec). type: int
- ap_bgscan_intv - Period of time between scanning two channels (1 - 600 sec). type: int
- ap_bgscan_period - Period of time between background scans (60 - 3600 sec). type: int
- ap_bgscan_report_intv - Period of time between background scan reports (15 - 600 sec). type: int
- ap_fgscan_report_intv - Period of time between foreground scan reports (15 - 600 sec). type: int
- ap_scan - Enable/disable rogue AP detection. type: str choices: disable, enable
- ap_scan_passive - Enable/disable passive scanning. Enable means do not send probe request on any channels . type: str choices: enable, disable
- asleap_attack - Enable/disable asleap attack detection . type: str choices: enable, disable
- assoc_flood_thresh - The threshold value for association frame flooding. type: int
- assoc_flood_time - Number of seconds after which a station is considered not connected. type: int
- assoc_frame_flood - Enable/disable association frame flooding detection . type: str choices: enable, disable
- auth_flood_thresh - The threshold value for authentication frame flooding. type: int
- auth_flood_time - Number of seconds after which a station is considered not connected. type: int
- auth_frame_flood - Enable/disable authentication frame flooding detection . type: str choices: enable, disable
- comment - Comment. type: str
- deauth_broadcast - Enable/disable broadcasting de-authentication detection . type: str choices: enable, disable
- deauth_unknown_src_thresh - Threshold value per second to deauth unknown src for DoS attack (0: no limit). type: int
- eapol_fail_flood - Enable/disable EAPOL-Failure flooding (to AP) detection . type: str choices: enable, disable
- eapol_fail_intv - The detection interval for EAPOL-Failure flooding (1 - 3600 sec). type: int
- eapol_fail_thresh - The threshold value for EAPOL-Failure flooding in specified interval. type: int
- eapol_logoff_flood - Enable/disable EAPOL-Logoff flooding (to AP) detection . type: str choices: enable, disable
- eapol_logoff_intv - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec). type: int
- eapol_logoff_thresh - The threshold value for EAPOL-Logoff flooding in specified interval. type: int
- eapol_pre_fail_flood - Enable/disable premature EAPOL-Failure flooding (to STA) detection . type: str choices: enable, disable
- eapol_pre_fail_intv - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec). type: int
- eapol_pre_fail_thresh - The threshold value for premature EAPOL-Failure flooding in specified interval. type: int
- eapol_pre_succ_flood - Enable/disable premature EAPOL-Success flooding (to STA) detection . type: str choices: enable, disable
- eapol_pre_succ_intv - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec). type: int
- eapol_pre_succ_thresh - The threshold value for premature EAPOL-Success flooding in specified interval. type: int
- eapol_start_flood - Enable/disable EAPOL-Start flooding (to AP) detection . type: str choices: enable, disable
- eapol_start_intv - The detection interval for EAPOL-Start flooding (1 - 3600 sec). type: int
- eapol_start_thresh - The threshold value for EAPOL-Start flooding in specified interval. type: int
- eapol_succ_flood - Enable/disable EAPOL-Success flooding (to AP) detection . type: str choices: enable, disable
- eapol_succ_intv - The detection interval for EAPOL-Success flooding (1 - 3600 sec). type: int
- eapol_succ_thresh - The threshold value for EAPOL-Success flooding in specified interval. type: int
- invalid_mac_oui - Enable/disable invalid MAC OUI detection. type: str choices: enable, disable
- long_duration_attack - Enable/disable long duration attack detection based on user configured threshold . type: str choices: enable, disable
- long_duration_thresh - Threshold value for long duration attack detection (1000 - 32767 usec). type: int
- name - WIDS profile name. type: str required: True
- null_ssid_probe_resp - Enable/disable null SSID probe response detection . type: str choices: enable, disable
- sensor_mode - Scan WiFi nearby stations . type: str choices: disable, foreign, both
- spoofed_deauth - Enable/disable spoofed de-authentication attack detection . type: str choices: enable, disable
- weak_wep_iv - Enable/disable weak WEP IV (Initialization Vector) detection . type: str choices: enable, disable
- wireless_bridge - Enable/disable wireless bridge detection . type: str choices: enable, disable
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure wireless intrusion detection system (WIDS) profiles.
fortios_wireless_controller_wids_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_wids_profile:
ap_auto_suppress: "enable"
ap_bgscan_disable_day: "sunday"
ap_bgscan_disable_end: "<your_own_value>"
ap_bgscan_disable_start: "<your_own_value>"
ap_bgscan_duration: "7"
ap_bgscan_idle: "8"
ap_bgscan_intv: "9"
ap_bgscan_period: "10"
ap_bgscan_report_intv: "11"
ap_fgscan_report_intv: "12"
ap_scan: "disable"
ap_scan_passive: "enable"
asleap_attack: "enable"
assoc_flood_thresh: "16"
assoc_flood_time: "17"
assoc_frame_flood: "enable"
auth_flood_thresh: "19"
auth_flood_time: "20"
auth_frame_flood: "enable"
comment: "Comment."
deauth_broadcast: "enable"
deauth_unknown_src_thresh: "24"
eapol_fail_flood: "enable"
eapol_fail_intv: "26"
eapol_fail_thresh: "27"
eapol_logoff_flood: "enable"
eapol_logoff_intv: "29"
eapol_logoff_thresh: "30"
eapol_pre_fail_flood: "enable"
eapol_pre_fail_intv: "32"
eapol_pre_fail_thresh: "33"
eapol_pre_succ_flood: "enable"
eapol_pre_succ_intv: "35"
eapol_pre_succ_thresh: "36"
eapol_start_flood: "enable"
eapol_start_intv: "38"
eapol_start_thresh: "39"
eapol_succ_flood: "enable"
eapol_succ_intv: "41"
eapol_succ_thresh: "42"
invalid_mac_oui: "enable"
long_duration_attack: "enable"
long_duration_thresh: "45"
name: "default_name_46"
null_ssid_probe_resp: "enable"
sensor_mode: "disable"
spoofed_deauth: "enable"
weak_wep_iv: "enable"
wireless_bridge: "enable"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_wtp – Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wireless_controller_wtp - Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- admin - Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP. type: str choices: discovered, disable, enable
- allowaccess - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. type: str choices: telnet, http, https, ssh
- bonjour_profile - Bonjour profile name. Source wireless-controller.bonjour-profile.name. type: str
- coordinate_enable - Enable/disable WTP coordinates (X,Y axis). type: str choices: enable, disable
- coordinate_latitude - WTP latitude coordinate. type: str
- coordinate_longitude - WTP longitude coordinate. type: str
- coordinate_x - X axis coordinate. type: str
- coordinate_y - Y axis coordinate. type: str
- image_download - Enable/disable WTP image download. type: str choices: enable, disable
- index - Index (0 - 4294967295). type: int
- ip_fragment_preventing - Method by which IP fragmentation is prevented for CAPWAP tunneled control and data packets . type: str choices: tcp-mss-adjust, icmp-unreachable
- lan - WTP LAN port mapping. type: dict
- port_mode - LAN port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port_ssid - Bridge LAN port to SSID. Source wireless-controller.vap.name. type: str
- port1_mode - LAN port 1 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port1_ssid - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. type: str
- port2_mode - LAN port 2 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port2_ssid - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. type: str
- port3_mode - LAN port 3 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port3_ssid - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. type: str
- port4_mode - LAN port 4 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port4_ssid - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. type: str
- port5_mode - LAN port 5 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port5_ssid - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. type: str
- port6_mode - LAN port 6 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port6_ssid - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. type: str
- port7_mode - LAN port 7 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port7_ssid - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. type: str
- port8_mode - LAN port 8 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port8_ssid - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. type: str
- led_state - Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc. type: str choices: enable, disable
- location - Field for describing the physical location of the WTP, AP or FortiAP. type: str
- login_passwd - Set the managed WTP, FortiAP, or AP"s administrator password. type: str
- login_passwd_change - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). type: str choices: True, default, False
- mesh_bridge_enable - Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP. type: str choices: default, enable, disable
- name - WTP, AP or FortiAP configuration name. type: str
- override_allowaccess - Enable to override the WTP profile management access configuration. type: str choices: enable, disable
- override_ip_fragment - Enable/disable overriding the WTP profile IP fragment prevention setting. type: str choices: enable, disable
- override_lan - Enable to override the WTP profile LAN port setting. type: str choices: enable, disable
- override_led_state - Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP"s LEDs. type: str choices: enable, disable
- override_login_passwd_change - Enable to override the WTP profile login-password (administrator password) setting. type: str choices: enable, disable
- override_split_tunnel - Enable/disable overriding the WTP profile split tunneling setting. type: str choices: enable, disable
- override_wan_port_mode - Enable/disable overriding the wan-port-mode in the WTP profile. type: str choices: enable, disable
- radio_1 - Configuration options for radio 1. type: dict
- auto_power_high - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 dBm). type: int
- auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable
- auto_power_low - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- band - WiFi band that Radio 1 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac, 802.11ac,n-only, 802.11ac-only
- channel - Selected list of wireless radio channels. type: list
- chan - Channel number. type: str required: True
- override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable
- override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable
- override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable
- override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable
- override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable
- power_level - Radio power level as a percentage of the maximum transmit power (0 - 100). type: int
- radio_id - radio-id type: int
- spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, disable
- vap_all - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . type: str choices: enable, disable
- vaps - Manually selected list of Virtual Access Points (VAPs). type: list
- name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. type: str required: True
- radio_2 - Configuration options for radio 2. type: dict
- auto_power_high - Automatic transmission power high limit in decibels (dB) of the measured power referenced to one milliwatt (mW), or dBm (10 - 17 dBm). type: int
- auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable
- auto_power_low - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- band - WiFi band that Radio 1 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac, 802.11ac,n-only, 802.11ac-only
- channel - Selected list of wireless radio channels. type: list
- chan - Channel number. type: str required: True
- override_analysis - Enable to override the WTP profile spectrum analysis configuration. type: str choices: enable, disable
- override_band - Enable to override the WTP profile band setting. type: str choices: enable, disable
- override_channel - Enable to override WTP profile channel settings. type: str choices: enable, disable
- override_txpower - Enable to override the WTP profile power level configuration. type: str choices: enable, disable
- override_vaps - Enable to override WTP profile Virtual Access Point (VAP) settings. type: str choices: enable, disable
- power_level - Radio power level as a percentage of the maximum transmit power (0 - 100). type: int
- radio_id - radio-id type: int
- spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, disable
- vap_all - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . type: str choices: enable, disable
- vaps - Manually selected list of Virtual Access Points (VAPs). type: list
- name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. type: str required: True
- split_tunneling_acl - Split tunneling ACL filter list. type: list
- dest_ip - Destination IP and mask for the split-tunneling subnet. type: str
- id - ID. type: int required: True
- split_tunneling_acl_local_ap_subnet - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . type: str choices: enable, disable
- split_tunneling_acl_path - Split tunneling ACL path is local/tunnel. type: str choices: tunnel, local
- tun_mtu_downlink - Downlink tunnel MTU in octets. Set the value to either 0 (by default), 576, or 1500. type: int
- tun_mtu_uplink - Uplink tunnel maximum transmission unit (MTU) in octets (eight-bit bytes). Set the value to either 0 (by default), 576, or 1500. type: int
- wan_port_mode - Enable/disable using the FortiAP WAN port as a LAN port. type: str choices: wan-lan, wan-only
- wtp_id - WTP ID. type: str
- wtp_mode - WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode. type: str choices: normal, remote
- wtp_profile - WTP profile name to apply to this WTP, AP or FortiAP. Source wireless-controller.wtp-profile.name. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.
fortios_wireless_controller_wtp:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_wtp:
admin: "discovered"
allowaccess: "telnet"
bonjour_profile: "<your_own_value> (source wireless-controller.bonjour-profile.name)"
coordinate_enable: "enable"
coordinate_latitude: "<your_own_value>"
coordinate_longitude: "<your_own_value>"
coordinate_x: "<your_own_value>"
coordinate_y: "<your_own_value>"
image_download: "enable"
index: "12"
ip_fragment_preventing: "tcp-mss-adjust"
lan:
port_mode: "offline"
port_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port1_mode: "offline"
port1_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port2_mode: "offline"
port2_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port3_mode: "offline"
port3_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port4_mode: "offline"
port4_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port5_mode: "offline"
port5_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port6_mode: "offline"
port6_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port7_mode: "offline"
port7_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port8_mode: "offline"
port8_ssid: "<your_own_value> (source wireless-controller.vap.name)"
led_state: "enable"
location: "<your_own_value>"
login_passwd: "<your_own_value>"
login_passwd_change: "yes"
mesh_bridge_enable: "default"
name: "default_name_38"
override_allowaccess: "enable"
override_ip_fragment: "enable"
override_lan: "enable"
override_led_state: "enable"
override_login_passwd_change: "enable"
override_split_tunnel: "enable"
override_wan_port_mode: "enable"
radio_1:
auto_power_high: "47"
auto_power_level: "enable"
auto_power_low: "49"
band: "802.11a"
channel:
-
chan: "<your_own_value>"
override_analysis: "enable"
override_band: "enable"
override_channel: "enable"
override_txpower: "enable"
override_vaps: "enable"
power_level: "58"
radio_id: "59"
spectrum_analysis: "enable"
vap_all: "enable"
vaps:
-
name: "default_name_63 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
radio_2:
auto_power_high: "65"
auto_power_level: "enable"
auto_power_low: "67"
band: "802.11a"
channel:
-
chan: "<your_own_value>"
override_analysis: "enable"
override_band: "enable"
override_channel: "enable"
override_txpower: "enable"
override_vaps: "enable"
power_level: "76"
radio_id: "77"
spectrum_analysis: "enable"
vap_all: "enable"
vaps:
-
name: "default_name_81 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
split_tunneling_acl:
-
dest_ip: "<your_own_value>"
id: "84"
split_tunneling_acl_local_ap_subnet: "enable"
split_tunneling_acl_path: "tunnel"
tun_mtu_downlink: "87"
tun_mtu_uplink: "88"
wan_port_mode: "wan-lan"
wtp_id: "<your_own_value>"
wtp_mode: "normal"
wtp_profile: "<your_own_value> (source wireless-controller.wtp-profile.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_wtp_group – Configure WTP groups in Fortinet’s FortiOS and FortiGate.¶
New in version 2.9.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
- wireless_controller_wtp_group - Configure WTP groups. type: dict
- name - WTP group name. type: str required: True
- platform_type - FortiAP models to define the WTP group platform type. type: str choices: AP-11N, 220B, 210B, 222B, 112B, 320B, 11C, 14C, 223B, 28C, 320C, 221C, 25D, 222C, 224D, 214B, 21D, 24D, 112D, 223C, 321C, C220C, C225C, C23JD, C24JE, S321C, S322C, S323C, S311C, S313C, S321CR, S322CR, S323CR, S421E, S422E, S423E, 421E, 423E, 221E, 222E, 223E, 224E, S221E, S223E, U421E, U422EV, U423E, U221EV, U223EV, U24JEV, U321EV, U323EV
- wtps - WTP list. type: list
- wtp_id - WTP ID. Source wireless-controller.wtp.wtp-id. type: str
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WTP groups.
fortios_wireless_controller_wtp_group:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_wtp_group:
name: "default_name_3"
platform_type: "AP-11N"
wtps:
-
wtp_id: "<your_own_value> (source wireless-controller.wtp.wtp-id)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
fortios_wireless_controller_wtp_profile – Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet’s FortiOS and FortiGate.¶
New in version 2.8.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters¶
- host - FortiOS or FortiGate IP address. type: str required: False
- username - FortiOS or FortiGate username. type: str required: False
- password - FortiOS or FortiGate password. type: str default:
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- https - Indicates if the requests towards FortiGate must use HTTPS protocol. type: bool default: True
- ssl_verify - Ensures FortiGate certificate must be verified by a proper CA. type: bool default: True
- state - Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. type: str required: False choices: present, absent
- wireless_controller_wtp_profile - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. type: dict
- state - B(Deprecated) type: str required: False choices: present, absent
- allowaccess - Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. type: str choices: telnet, http, https, ssh
- ap_country - Country in which this WTP, FortiAP or AP will operate . type: str choices: NA, AL, DZ, AO, AR, AM, AU, AT, AZ, BH, BD, BB, BY, BE, BZ, BO, BA, BR, BN, BG, KH, CL, CN, CO, CR, HR, CY, CZ, DK, DO, EC, EG, SV, EE, FI, FR, GE, DE, GR, GL, GD, GU, GT, HT, HN, HK, HU, IS, IN, ID, IR, IE, IL, IT, JM, JO, KZ, KE, KP, KR, KW, LV, LB, LI, LT, LU, MO, MK, MY, MT, MX, MC, MA, MZ, MM, NP, NL, AN, AW, NZ, False, OM, PK, PA, PG, PY, PE, PH, PL, PT, PR, QA, RO, RU, RW, SA, RS, ME, SG, SK, SI, ZA, ES, LK, SE, SD, CH, SY, TW, TZ, TH, TT, TN, TR, AE, UA, GB, US, PS, UY, UZ, VE, VN, YE, ZB, ZW, JP, CA
- ble_profile - Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. type: str
- comment - Comment. type: str
- control_message_offload - Enable/disable CAPWAP control message data channel offload. type: str choices: ebp-frame, aeroscout-tag, ap-list, sta-list, sta-cap-list, stats, aeroscout-mu
- deny_mac_list - List of MAC addresses that are denied access to this WTP, FortiAP, or AP. type: list
- id - ID. type: int required: True
- mac - A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. type: str
- dtls_in_kernel - Enable/disable data channel DTLS in kernel. type: str choices: enable, disable
- dtls_policy - WTP data channel DTLS policy . type: str choices: clear-text, dtls-enabled, ipsec-vpn
- energy_efficient_ethernet - Enable/disable use of energy efficient Ethernet on WTP. type: str choices: enable, disable
- ext_info_enable - Enable/disable station/VAP/radio extension information. type: str choices: enable, disable
- handoff_roaming - Enable/disable client load balancing during roaming to avoid roaming delay . type: str choices: enable, disable
- handoff_rssi - Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). type: int
- handoff_sta_thresh - Threshold value for AP handoff. type: int
- ip_fragment_preventing - Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets . type: str choices: tcp-mss-adjust, icmp-unreachable
- lan - WTP LAN port mapping. type: dict
- port_mode - LAN port mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port_ssid - Bridge LAN port to SSID. Source wireless-controller.vap.name. type: str
- port1_mode - LAN port 1 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port1_ssid - Bridge LAN port 1 to SSID. Source wireless-controller.vap.name. type: str
- port2_mode - LAN port 2 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port2_ssid - Bridge LAN port 2 to SSID. Source wireless-controller.vap.name. type: str
- port3_mode - LAN port 3 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port3_ssid - Bridge LAN port 3 to SSID. Source wireless-controller.vap.name. type: str
- port4_mode - LAN port 4 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port4_ssid - Bridge LAN port 4 to SSID. Source wireless-controller.vap.name. type: str
- port5_mode - LAN port 5 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port5_ssid - Bridge LAN port 5 to SSID. Source wireless-controller.vap.name. type: str
- port6_mode - LAN port 6 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port6_ssid - Bridge LAN port 6 to SSID. Source wireless-controller.vap.name. type: str
- port7_mode - LAN port 7 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port7_ssid - Bridge LAN port 7 to SSID. Source wireless-controller.vap.name. type: str
- port8_mode - LAN port 8 mode. type: str choices: offline, nat-to-wan, bridge-to-wan, bridge-to-ssid
- port8_ssid - Bridge LAN port 8 to SSID. Source wireless-controller.vap.name. type: str
- lbs - Set various location based service (LBS) options. type: dict
- aeroscout - Enable/disable AeroScout Real Time Location Service (RTLS) support . type: str choices: enable, disable
- aeroscout_ap_mac - Use BSSID or board MAC address as AP MAC address in AeroScout AP messages . type: str choices: bssid, board-mac
- aeroscout_mmu_report - Enable/disable compounded AeroScout tag and MU report . type: str choices: enable, disable
- aeroscout_mu - Enable/disable AeroScout Mobile Unit (MU) support . type: str choices: enable, disable
- aeroscout_mu_factor - AeroScout MU mode dilution factor . type: int
- aeroscout_mu_timeout - AeroScout MU mode timeout (0 - 65535 sec). type: int
- aeroscout_server_ip - IP address of AeroScout server. type: str
- aeroscout_server_port - AeroScout server UDP listening port. type: int
- ekahau_blink_mode - Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags . type: str choices: enable, disable
- ekahau_tag - WiFi frame MAC address or WiFi Tag. type: str
- erc_server_ip - IP address of Ekahau RTLS Controller (ERC). type: str
- erc_server_port - Ekahau RTLS Controller (ERC) UDP listening port. type: int
- fortipresence - Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don"t connect to this WiFi network . type: str choices: foreign, both, disable
- fortipresence_frequency - FortiPresence report transmit frequency (5 - 65535 sec). type: int
- fortipresence_port - FortiPresence server UDP listening port . type: int
- fortipresence_project - FortiPresence project name (max. 16 characters). type: str
- fortipresence_rogue - Enable/disable FortiPresence finding and reporting rogue APs. type: str choices: enable, disable
- fortipresence_secret - FortiPresence secret password (max. 16 characters). type: str
- fortipresence_server - FortiPresence server IP address. type: str
- fortipresence_unassoc - Enable/disable FortiPresence finding and reporting unassociated stations. type: str choices: enable, disable
- station_locate - Enable/disable client station locating services for all clients, whether associated or not . type: str choices: enable, disable
- led_schedules - Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. type: list
- name - LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name. type: str required: True
- led_state - Enable/disable use of LEDs on WTP . type: str choices: enable, disable
- lldp - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . type: str choices: enable, disable
- login_passwd - Set the managed WTP, FortiAP, or AP"s administrator password. type: str
- login_passwd_change - Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). type: str choices: True, default, False
- max_clients - Maximum number of stations (STAs) supported by the WTP . type: int
- name - WTP (or FortiAP or AP) profile name. type: str required: True
- platform - WTP, FortiAP, or AP platform. type: dict
- type - WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. type: str choices: AP-11N, 220B, 210B, 222B, 112B, 320B, 11C, 14C, 223B, 28C, 320C, 221C, 25D, 222C, 224D, 214B, 21D, 24D, 112D, 223C, 321C, C220C, C225C, C23JD, C24JE, S321C, S322C, S323C, S311C, S313C, S321CR, S322CR, S323CR, S421E, S422E, S423E, 421E, 423E, 221E, 222E, 223E, 224E, S221E, S223E, U421E, U422EV, U423E, U221EV, U223EV, U24JEV, U321EV, U323EV
- poe_mode - Set the WTP, FortiAP, or AP"s PoE mode. type: str choices: auto, 8023af, 8023at, power-adapter
- radio_1 - Configuration options for radio 1. type: dict
- amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable
- ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable
- ap_sniffer_addr - MAC address to monitor. type: str
- ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int
- ap_sniffer_chan - Channel on which to operate the sniffer . type: int
- ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable
- ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable
- ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable
- ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable
- ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable
- auto_power_high - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable
- auto_power_low - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- band - WiFi band that Radio 1 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only
- bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable
- bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int
- beacon_interval - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). type: int
- call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable
- call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int
- channel - Selected list of wireless radio channels. type: list
- chan - Channel number. type: str required: True
- channel_bonding - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 80MHz, 40MHz, 20MHz
- channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable
- coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable
- darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable
- dtim - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life. type: int
- frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int
- frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable
- max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int
- max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int
- mode - Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. type: str choices: disabled, ap, monitor, sniffer
- power_level - Radio power level as a percentage of the maximum transmit power (0 - 100). type: int
- powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow
- protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable
- radio_id - radio-id type: int
- rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int
- short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable
- spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, disable
- transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar
- vap_all - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . type: str choices: enable, disable
- vaps - Manually selected list of Virtual Access Points (VAPs). type: list
- name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. type: str required: True
- wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str
- radio_2 - Configuration options for radio 2. type: dict
- amsdu - Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . type: str choices: enable, disable
- ap_handoff - Enable/disable AP handoff of clients to other APs . type: str choices: enable, disable
- ap_sniffer_addr - MAC address to monitor. type: str
- ap_sniffer_bufsize - Sniffer buffer size (1 - 32 MB). type: int
- ap_sniffer_chan - Channel on which to operate the sniffer . type: int
- ap_sniffer_ctl - Enable/disable sniffer on WiFi control frame . type: str choices: enable, disable
- ap_sniffer_data - Enable/disable sniffer on WiFi data frame . type: str choices: enable, disable
- ap_sniffer_mgmt_beacon - Enable/disable sniffer on WiFi management Beacon frames . type: str choices: enable, disable
- ap_sniffer_mgmt_other - Enable/disable sniffer on WiFi management other frames . type: str choices: enable, disable
- ap_sniffer_mgmt_probe - Enable/disable sniffer on WiFi management probe frames . type: str choices: enable, disable
- auto_power_high - Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- auto_power_level - Enable/disable automatic power-level adjustment to prevent co-channel interference . type: str choices: enable, disable
- auto_power_low - Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type). type: int
- band - WiFi band that Radio 2 operates on. type: str choices: 802.11a, 802.11b, 802.11g, 802.11n, 802.11n-5G, 802.11ac, 802.11n,g-only, 802.11g-only, 802.11n-only, 802.11n-5G-only, 802.11ac,n-only, 802.11ac-only
- bandwidth_admission_control - Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. type: str choices: enable, disable
- bandwidth_capacity - Maximum bandwidth capacity allowed (1 - 600000 Kbps). type: int
- beacon_interval - Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type). type: int
- call_admission_control - Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. type: str choices: enable, disable
- call_capacity - Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). type: int
- channel - Selected list of wireless radio channels. type: list
- chan - Channel number. type: str required: True
- channel_bonding - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. type: str choices: 80MHz, 40MHz, 20MHz
- channel_utilization - Enable/disable measuring channel utilization. type: str choices: enable, disable
- coexistence - Enable/disable allowing both HT20 and HT40 on the same radio . type: str choices: enable, disable
- darrp - Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . type: str choices: enable, disable
- dtim - DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life. type: int
- frag_threshold - Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). type: int
- frequency_handoff - Enable/disable frequency handoff of clients to other channels . type: str choices: enable, disable
- max_clients - Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. type: int
- max_distance - Maximum expected distance between the AP and clients (0 - 54000 m). type: int
- mode - Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. type: str choices: disabled, ap, monitor, sniffer
- power_level - Radio power level as a percentage of the maximum transmit power (0 - 100). type: int
- powersave_optimize - Enable client power-saving features such as TIM, AC VO, and OBSS etc. type: str choices: tim, ac-vo, no-obss-scan, no-11b-rate, client-rate-follow
- protection_mode - Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). type: str choices: rtscts, ctsonly, disable
- radio_id - radio-id type: int
- rts_threshold - Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). type: int
- short_guard_interval - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. type: str choices: enable, disable
- spectrum_analysis - Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. type: str choices: enable, disable
- transmit_optimize - Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. type: str choices: disable, power-save, aggr-limit, retry-limit, send-bar
- vap_all - Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) . type: str choices: enable, disable
- vaps - Manually selected list of Virtual Access Points (VAPs). type: list
- name - Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name. type: str required: True
- wids_profile - Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. type: str
- split_tunneling_acl - Split tunneling ACL filter list. type: list
- dest_ip - Destination IP and mask for the split-tunneling subnet. type: str
- id - ID. type: int required: True
- split_tunneling_acl_local_ap_subnet - Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . type: str choices: enable, disable
- split_tunneling_acl_path - Split tunneling ACL path is local/tunnel. type: str choices: tunnel, local
- tun_mtu_downlink - Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes). type: int
- tun_mtu_uplink - Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes). type: int
- wan_port_mode - Enable/disable using a WAN port as a LAN port. type: str choices: wan-lan, wan-only
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
fortios_wireless_controller_wtp_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_wtp_profile:
allowaccess: "telnet"
ap_country: "NA"
ble_profile: "<your_own_value> (source wireless-controller.ble-profile.name)"
comment: "Comment."
control_message_offload: "ebp-frame"
deny_mac_list:
-
id: "9"
mac: "<your_own_value>"
dtls_in_kernel: "enable"
dtls_policy: "clear-text"
energy_efficient_ethernet: "enable"
ext_info_enable: "enable"
handoff_roaming: "enable"
handoff_rssi: "16"
handoff_sta_thresh: "17"
ip_fragment_preventing: "tcp-mss-adjust"
lan:
port_mode: "offline"
port_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port1_mode: "offline"
port1_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port2_mode: "offline"
port2_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port3_mode: "offline"
port3_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port4_mode: "offline"
port4_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port5_mode: "offline"
port5_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port6_mode: "offline"
port6_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port7_mode: "offline"
port7_ssid: "<your_own_value> (source wireless-controller.vap.name)"
port8_mode: "offline"
port8_ssid: "<your_own_value> (source wireless-controller.vap.name)"
lbs:
aeroscout: "enable"
aeroscout_ap_mac: "bssid"
aeroscout_mmu_report: "enable"
aeroscout_mu: "enable"
aeroscout_mu_factor: "43"
aeroscout_mu_timeout: "44"
aeroscout_server_ip: "<your_own_value>"
aeroscout_server_port: "46"
ekahau_blink_mode: "enable"
ekahau_tag: "<your_own_value>"
erc_server_ip: "<your_own_value>"
erc_server_port: "50"
fortipresence: "foreign"
fortipresence_frequency: "52"
fortipresence_port: "53"
fortipresence_project: "<your_own_value>"
fortipresence_rogue: "enable"
fortipresence_secret: "<your_own_value>"
fortipresence_server: "<your_own_value>"
fortipresence_unassoc: "enable"
station_locate: "enable"
led_schedules:
-
name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)"
led_state: "enable"
lldp: "enable"
login_passwd: "<your_own_value>"
login_passwd_change: "yes"
max_clients: "66"
name: "default_name_67"
platform:
type: "AP-11N"
poe_mode: "auto"
radio_1:
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "75"
ap_sniffer_chan: "76"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
auto_power_high: "82"
auto_power_level: "enable"
auto_power_low: "84"
band: "802.11a"
bandwidth_admission_control: "enable"
bandwidth_capacity: "87"
beacon_interval: "88"
call_admission_control: "enable"
call_capacity: "90"
channel:
-
chan: "<your_own_value>"
channel_bonding: "80MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
dtim: "97"
frag_threshold: "98"
frequency_handoff: "enable"
max_clients: "100"
max_distance: "101"
mode: "disabled"
power_level: "103"
powersave_optimize: "tim"
protection_mode: "rtscts"
radio_id: "106"
rts_threshold: "107"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "enable"
vaps:
-
name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
radio_2:
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "119"
ap_sniffer_chan: "120"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
auto_power_high: "126"
auto_power_level: "enable"
auto_power_low: "128"
band: "802.11a"
bandwidth_admission_control: "enable"
bandwidth_capacity: "131"
beacon_interval: "132"
call_admission_control: "enable"
call_capacity: "134"
channel:
-
chan: "<your_own_value>"
channel_bonding: "80MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
dtim: "141"
frag_threshold: "142"
frequency_handoff: "enable"
max_clients: "144"
max_distance: "145"
mode: "disabled"
power_level: "147"
powersave_optimize: "tim"
protection_mode: "rtscts"
radio_id: "150"
rts_threshold: "151"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "enable"
vaps:
-
name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
split_tunneling_acl:
-
dest_ip: "<your_own_value>"
id: "161"
split_tunneling_acl_local_ap_subnet: "enable"
split_tunneling_acl_path: "tunnel"
tun_mtu_downlink: "164"
tun_mtu_uplink: "165"
wan_port_mode: "wan-lan"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3