fortios_endpoint_control_profile – Configure FortiClient endpoint control profiles in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and profile category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
Parameters
- access_token - Token-based authentication. Generated from the GUI of the FortiGate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- endpoint_control_profile - Configure FortiClient endpoint control profiles. type: dict
  - description - Description. type: str
  - device_groups - Device groups. type: list
    - name - Device group object from available options. Source user.device-group.name user.device-category.name. type: str
  - forticlient_android_settings - FortiClient settings for Android platform. type: dict
    - disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable
    - forticlient_advanced_vpn - Enable/disable advanced FortiClient VPN configuration. type: str choices: enable, disable
    - forticlient_advanced_vpn_buffer - Advanced FortiClient VPN configuration. type: str
    - forticlient_vpn_provisioning - Enable/disable FortiClient VPN provisioning. type: str choices: enable, disable
    - forticlient_vpn_settings - FortiClient VPN settings. type: list
      - auth_method - Authentication method. type: str choices: psk, certificate
      - name - VPN name. type: str
      - preshared_key - Pre-shared secret for PSK authentication. type: str
      - remote_gw - IP address or FQDN of the remote VPN gateway. type: str
      - sslvpn_access_port - SSL VPN access port (1 - 65535). type: int
      - sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable
      - type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl
    - forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
    - forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
  - forticlient_ios_settings - FortiClient settings for iOS platform. type: dict
    - client_vpn_provisioning - FortiClient VPN provisioning. type: str choices: enable, disable
    - client_vpn_settings - FortiClient VPN settings. type: list
      - auth_method - Authentication method. type: str choices: psk, certificate
      - name - VPN name. type: str
      - preshared_key - Pre-shared secret for PSK authentication. type: str
      - remote_gw - IP address or FQDN of the remote VPN gateway. type: str
      - sslvpn_access_port - SSL VPN access port (1 - 65535). type: int
      - sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable
      - type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl
      - vpn_configuration_content - Content of VPN configuration. type: str
      - vpn_configuration_name - Name of VPN configuration. type: str
    - configuration_content - Content of configuration profile. type: str
    - configuration_name - Name of configuration profile. type: str
    - disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable
    - distribute_configuration_profile - Enable/disable configuration profile (.mobileconfig file) distribution. type: str choices: enable, disable
    - forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
    - forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
  - forticlient_winmac_settings - FortiClient settings for Windows/Mac platform. type: dict
    - av_realtime_protection - Enable/disable FortiClient AntiVirus real-time protection. type: str choices: enable, disable
    - av_signature_up_to_date - Enable/disable FortiClient AV signature updates. type: str choices: enable, disable
    - forticlient_application_firewall - Enable/disable the FortiClient application firewall. type: str choices: enable, disable
    - forticlient_application_firewall_list - FortiClient application firewall rule list. Source application.list.name. type: str
    - forticlient_av - Enable/disable FortiClient AntiVirus scanning. type: str choices: enable, disable
    - forticlient_ems_compliance - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. type: str choices: enable, disable
    - forticlient_ems_compliance_action - FortiClient EMS compliance action. type: str choices: block, warning
    - forticlient_ems_entries - FortiClient EMS entries. type: list
      - name - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. type: str
    - forticlient_linux_ver - Minimum FortiClient Linux version. type: str
    - forticlient_log_upload - Enable/disable uploading FortiClient logs. type: str choices: enable, disable
    - forticlient_log_upload_level - Select the FortiClient logs to upload. type: str choices: traffic, vulnerability, event
    - forticlient_log_upload_server - IP address or FQDN of the server to which to upload FortiClient logs. type: str
    - forticlient_mac_ver - Minimum FortiClient Mac OS version. type: str
    - forticlient_minimum_software_version - Enable/disable requiring clients to run FortiClient with a minimum software version number. type: str choices: enable, disable
    - forticlient_operating_system - FortiClient operating system. type: list
      - id - Operating system entry ID. type: int
      - os_name - Customize operating system name or Mac OS format: x.x.x. type: str
      - os_type - Operating system type. type: str choices: custom, mac-os, win-7, win-80, win-81, win-10, win-2000, win-home-svr, win-svr-10, win-svr-2003, win-svr-2003-r2, win-svr-2008, win-svr-2008-r2, win-svr-2012, win-svr-2012-r2, win-sto-svr-2003, win-vista, win-xp, ubuntu-linux, centos-linux, redhat-linux, fedora-linux
    - forticlient_own_file - Checking the path and filename of the FortiClient application. type: list
    - forticlient_registration_compliance_action - FortiClient registration compliance action. type: str choices: block, warning
    - forticlient_registry_entry - FortiClient registry entry. type: list
    - forticlient_running_app - Use FortiClient to verify if the listed applications are running on the client. type: list
      - app_name - Application name. type: str
      - app_sha256_signature - App's SHA256 signature. type: str
      - app_sha256_signature2 - App's SHA256 signature. type: str
      - app_sha256_signature3 - App's SHA256 signature. type: str
      - app_sha256_signature4 - App's SHA256 signature. type: str
      - application_check_rule - Application check rule. type: str choices: present, absent
      - id - Application ID. type: int
      - process_name - Process name. type: str
      - process_name2 - Process name. type: str
      - process_name3 - Process name. type: str
      - process_name4 - Process name. type: str
    - forticlient_security_posture - Enable/disable FortiClient security posture check options. type: str choices: enable, disable
    - forticlient_security_posture_compliance_action - FortiClient security posture compliance action. type: str choices: block, warning
    - forticlient_system_compliance - Enable/disable enforcement of FortiClient system compliance. type: str choices: enable, disable
    - forticlient_system_compliance_action - Block or warn clients not compliant with FortiClient requirements. type: str choices: block, warning
    - forticlient_vuln_scan - Enable/disable FortiClient vulnerability scanning. type: str choices: enable, disable
    - forticlient_vuln_scan_compliance_action - FortiClient vulnerability compliance action. type: str choices: block, warning
    - forticlient_vuln_scan_enforce - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. type: str choices: critical, high, medium, low, info
    - forticlient_vuln_scan_enforce_grace - FortiClient vulnerability scan enforcement grace period (0 - 30 days). type: int
    - forticlient_vuln_scan_exempt - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. type: str choices: enable, disable
    - forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable
    - forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str
    - forticlient_win_ver - Minimum FortiClient Windows version. type: str
    - os_av_software_installed - Enable/disable checking for OS recognized AntiVirus software. type: str choices: enable, disable
    - sandbox_address - FortiSandbox address. type: str
    - sandbox_analysis - Enable/disable sending files to FortiSandbox for analysis. type: str choices: enable, disable
  - on_net_addr - Addresses for on-net detection. type: list
    - name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str
  - profile_name - Profile name. type: str
  - replacemsg_override_group - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. type: str
  - src_addr - Source addresses. type: list
    - name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str
  - user_groups - User groups. type: list
    - name - User group name. Source user.group.name. type: str
  - users - Users. type: list
    - name - User name. Source user.local.name. type: str
Examples
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # TLS certificate validation is off in this sample; set it to yes once
    # the FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiClient endpoint control profiles.
      fortios_endpoint_control_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        endpoint_control_profile:
          description: "<your_own_value>"
          device_groups:
            -
              name: "default_name_5 (source user.device-group.name user.device-category.name)"
          forticlient_android_settings:
            disable_wf_when_protected: "enable"
            forticlient_advanced_vpn: "enable"
            forticlient_advanced_vpn_buffer: "<your_own_value>"
            forticlient_vpn_provisioning: "enable"
            forticlient_vpn_settings:
              -
                auth_method: "psk"
                name: "default_name_13"
                preshared_key: "<your_own_value>"
                remote_gw: "<your_own_value>"
                sslvpn_access_port: "32767"
                sslvpn_require_certificate: "enable"
                type: "ipsec"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_ios_settings:
            client_vpn_provisioning: "enable"
            client_vpn_settings:
              -
                auth_method: "psk"
                name: "default_name_25"
                preshared_key: "<your_own_value>"
                remote_gw: "<your_own_value>"
                sslvpn_access_port: "32767"
                sslvpn_require_certificate: "enable"
                type: "ipsec"
                vpn_configuration_content: "<your_own_value>"
                vpn_configuration_name: "<your_own_value>"
            configuration_content: "<your_own_value>"
            configuration_name: "<your_own_value>"
            disable_wf_when_protected: "enable"
            distribute_configuration_profile: "enable"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_winmac_settings:
            av_realtime_protection: "enable"
            av_signature_up_to_date: "enable"
            forticlient_application_firewall: "enable"
            forticlient_application_firewall_list: "<your_own_value> (source application.list.name)"
            forticlient_av: "enable"
            forticlient_ems_compliance: "enable"
            forticlient_ems_compliance_action: "block"
            forticlient_ems_entries:
              -
                name: "default_name_48 (source endpoint-control.forticlient-ems.name)"
            forticlient_linux_ver: "<your_own_value>"
            forticlient_log_upload: "enable"
            forticlient_log_upload_level: "traffic"
            forticlient_log_upload_server: "<your_own_value>"
            forticlient_mac_ver: "<your_own_value>"
            forticlient_minimum_software_version: "enable"
            forticlient_operating_system:
              -
                id: "56"
                os_name: "<your_own_value>"
                os_type: "custom"
            forticlient_own_file:
              -
                file: "<your_own_value>"
                id: "61"
            forticlient_registration_compliance_action: "block"
            forticlient_registry_entry:
              -
                id: "64"
                registry_entry: "<your_own_value>"
            forticlient_running_app:
              -
                app_name: "<your_own_value>"
                app_sha256_signature: "<your_own_value>"
                app_sha256_signature2: "<your_own_value>"
                app_sha256_signature3: "<your_own_value>"
                app_sha256_signature4: "<your_own_value>"
                application_check_rule: "present"
                id: "73"
                process_name: "<your_own_value>"
                process_name2: "<your_own_value>"
                process_name3: "<your_own_value>"
                process_name4: "<your_own_value>"
            forticlient_security_posture: "enable"
            forticlient_security_posture_compliance_action: "block"
            forticlient_system_compliance: "enable"
            forticlient_system_compliance_action: "block"
            forticlient_vuln_scan: "enable"
            forticlient_vuln_scan_compliance_action: "block"
            forticlient_vuln_scan_enforce: "critical"
            forticlient_vuln_scan_enforce_grace: "15"
            forticlient_vuln_scan_exempt: "enable"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
            forticlient_win_ver: "<your_own_value>"
            os_av_software_installed: "enable"
            sandbox_address: "<your_own_value>"
            sandbox_analysis: "enable"
          on_net_addr:
            -
              name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)"
          profile_name: "<your_own_value>"
          replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
          src_addr:
            -
              name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)"
          user_groups:
            -
              name: "default_name_100 (source user.group.name)"
          users:
            -
              name: "default_name_102 (source user.local.name)"
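A trimmed, hardened variant of the playbook above, added here as an example and not taken from the module's own documentation: it keeps TLS certificate validation on, pulls the API token and the VPN pre-shared key from variables instead of literals, and suppresses task logging so neither secret reaches Ansible output. The `vault_fortigate_access_token` and `vault_android_vpn_psk` variable names (assumed to live in an ansible-vault encrypted vars file), the profile and VPN names, and the `vpn.example.com` gateway are constructed placeholders.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Validate the FortiGate's certificate; the inventory hostname must match it.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Enforce FortiClient compliance without exposing secrets
      fortios_endpoint_control_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumed variable, decrypted from an ansible-vault vars file at run time.
        access_token: "{{ vault_fortigate_access_token }}"
        endpoint_control_profile:
          profile_name: "corp-endpoints"        # constructed sample name
          description: "Block non-compliant Windows/Mac endpoints"
          forticlient_winmac_settings:
            forticlient_av: "enable"
            av_realtime_protection: "enable"
            av_signature_up_to_date: "enable"
            forticlient_system_compliance: "enable"
            # "block" rather than "warning": non-compliant clients are denied.
            forticlient_system_compliance_action: "block"
            forticlient_vuln_scan: "enable"
            forticlient_vuln_scan_compliance_action: "block"
            forticlient_vuln_scan_enforce: "high"
            forticlient_vuln_scan_enforce_grace: 7
          forticlient_android_settings:
            forticlient_vpn_provisioning: "enable"
            forticlient_vpn_settings:
              - name: "corp-ipsec"              # constructed sample name
                type: "ipsec"
                auth_method: "psk"
                remote_gw: "vpn.example.com"    # constructed placeholder
                # Assumed vaulted variable; never commit the PSK in clear text.
                preshared_key: "{{ vault_android_vpn_psk }}"
      # The task arguments contain the token and PSK, so keep them out of logs.
      no_log: true
```

Leave the module's `enable_log` parameter at its default of False for this task, since the request it would record carries the same secrets.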
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following are the fields unique to this module:
- build - Build number of the FortiGate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3