fortios_firewall_mms_profile – Configure MMS profiles in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and mms_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
|
fortios_firewall_mms_profile | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_mms_profile - Configure MMS profiles. type: dict more...
- avnotificationtable - AntiVirus notification table ID. Source antivirus.notification.id. type: int more...
- bwordtable - MMS banned word table ID. Source webfilter.content.id. type: int more...
- carrier_endpoint_prefix - Enable/disable prefixing of end point values. type: str choices: enable, disable more...
- carrier_endpoint_prefix_range_max - Maximum length of end point value that can be prefixed (1 - 48). type: int more...
- carrier_endpoint_prefix_range_min - Minimum end point length to be prefixed (1 - 48). type: int more...
- carrier_endpoint_prefix_string - String with which to prefix End point values. type: str more...
- carrierendpointbwltable - Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id. type: int more...
- comment - Comment. type: str more...
- dupe - Duplicate configuration. type: list member_path: dupe:protocol more...
- action1 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- action2 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- action3 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- block_time1 - Duration for which action takes effect (0 - 35791 min). type: int more...
- block_time2 - Duration for which action takes effect (0 - 35791 min). type: int more...
- block_time3 - Duration action takes effect (0 - 35791 min). type: int more...
- limit1 - Maximum number of messages allowed. type: int more...
- limit2 - Maximum number of messages allowed. type: int more...
- limit3 - Maximum number of messages allowed. type: int more...
- protocol - Protocol. type: str required: true more...
- status1 - Enable/disable status1 detection. type: str choices: enable, disable more...
- status2 - Enable/disable status2 detection. type: str choices: enable, disable more...
- status3 - Enable/disable status3 detection. type: str choices: enable, disable more...
- window1 - Window to count messages over (1 - 2880 min). type: int more...
- window2 - Window to count messages over (1 - 2880 min). type: int more...
- window3 - Window to count messages over (1 - 2880 min). type: int more...
- extended_utm_log - Enable/disable detailed UTM log messages. type: str more...
- flood - Flood configuration. type: list member_path: flood:protocol more...
- action1 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- action2 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- action3 - Action to take when threshold reached. type: list choices: block, archive, log, archive-first, alert-notif more...
- block_time1 - Duration for which action takes effect (0 - 35791 min). type: int more...
- block_time2 - Duration for which action takes effect (0 - 35791 min). type: int more...
- block_time3 - Duration action takes effect (0 - 35791 min). type: int more...
- limit1 - Maximum number of messages allowed. type: int more...
- limit2 - Maximum number of messages allowed. type: int more...
- limit3 - Maximum number of messages allowed. type: int more...
- protocol - Protocol. type: str required: true more...
- status1 - Enable/disable status1 detection. type: str choices: enable, disable more...
- status2 - Enable/disable status2 detection. type: str choices: enable, disable more...
- status3 - Enable/disable status3 detection. type: str choices: enable, disable more...
- window1 - Window to count messages over (1 - 2880 min). type: int more...
- window2 - Window to count messages over (1 - 2880 min). type: int more...
- window3 - Window to count messages over (1 - 2880 min). type: int more...
- mm1 - MM1 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, chunkedbypass, clientcomfort, servercomfort, carrier-endpoint-bwl, remove-blocked, mms-checksum more...
- mm1_addr_hdr - HTTP header field (for MM1) containing user address. type: str more...
- mm1_addr_source - Source for MM1 user address. type: str choices: http-header, cookie more...
- mm1_convert_hex - Enable/disable converting user address from HEX string for MM1. type: str choices: enable, disable more...
- mm1_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive more...
- mm1_retr_dupe - Enable/disable duplicate scanning of MM1 retr. type: str choices: enable, disable more...
- mm1_retrieve_scan - Enable/disable scanning on MM1 retrieve configuration messages. type: str choices: enable, disable more...
- mm1comfortamount - MM1 comfort amount (0 - 4294967295). type: int more...
- mm1comfortinterval - MM1 comfort interval (0 - 4294967295). type: int more...
- mm1oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int more...
- mm3 - MM3 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, fragmail, splice, carrier-endpoint-bwl, remove-blocked, mms-checksum more...
- mm3_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive more...
- mm3oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int more...
- mm4 - MM4 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, fragmail, splice, carrier-endpoint-bwl, remove-blocked, mms-checksum more...
- mm4_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive more...
- mm4oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int more...
- mm7 - MM7 options. type: list choices: avmonitor, oversize, quarantine, scan, bannedword, chunkedbypass, clientcomfort, servercomfort, carrier-endpoint-bwl, remove-blocked, mms-checksum more...
- mm7_addr_hdr - HTTP header field (for MM7) containing user address. type: str more...
- mm7_addr_source - Source for MM7 user address. type: str choices: http-header, cookie more...
- mm7_convert_hex - Enable/disable conversion of user address from HEX string for MM7. type: str choices: enable, disable more...
- mm7_outbreak_prevention - Enable Virus Outbreak Prevention service. type: str choices: disabled, files, full-archive more...
- mm7comfortamount - MM7 comfort amount (0 - 4294967295). type: int more...
- mm7comfortinterval - MM7 comfort interval (0 - 4294967295). type: int more...
- mm7oversizelimit - Maximum file size to scan (1 - 819200 kB). type: int more...
- mms_antispam_mass_log - Enable/disable logging for MMS antispam mass. type: str choices: enable, disable more...
- mms_av_block_log - Enable/disable logging for MMS antivirus file blocking. type: str choices: enable, disable more...
- mms_av_oversize_log - Enable/disable logging for MMS antivirus oversize file blocking. type: str choices: enable, disable more...
- mms_av_virus_log - Enable/disable logging for MMS antivirus scanning. type: str choices: enable, disable more...
- mms_carrier_endpoint_filter_log - Enable/disable logging for MMS end point filter blocking. type: str choices: enable, disable more...
- mms_checksum_log - Enable/disable MMS content checksum logging. type: str choices: enable, disable more...
- mms_checksum_table - MMS content checksum table ID. Source antivirus.mms-checksum.id. type: int more...
- mms_notification_log - Enable/disable logging for MMS notification messages. type: str choices: enable, disable more...
- mms_web_content_log - Enable/disable logging for MMS web content blocking. type: str choices: enable, disable more...
- mmsbwordthreshold - MMS banned word threshold. type: int more...
- name - Profile name. type: str required: true more...
- notif_msisdn - Notification for MSISDNs. type: list member_path: notif_msisdn:msisdn more...
- msisdn - Recipient MSISDN. type: str required: true more...
- threshold - Thresholds on which this MSISDN will receive an alert. type: list choices: flood-thresh-1, flood-thresh-2, flood-thresh-3, dupe-thresh-1, dupe-thresh-2, dupe-thresh-3 more...
- notification - Notification configuration. type: list member_path: notification:protocol more...
- alert_int - Alert notification send interval. type: int more...
- alert_int_mode - Alert notification interval mode. type: str choices: hours, minutes more...
- alert_src_msisdn - Specify from address for alert messages. type: str more...
- alert_status - Alert notification status. type: str choices: enable, disable more...
- bword_int - Banned word notification send interval. type: int more...
- bword_int_mode - Banned word notification interval mode. type: str choices: hours, minutes more...
- bword_status - Banned word notification status. type: str choices: enable, disable more...
- carrier_endpoint_bwl_int - Carrier end point black/white list notification send interval. type: int more...
- carrier_endpoint_bwl_int_mode - Carrier end point black/white list notification interval mode. type: str choices: hours, minutes more...
- carrier_endpoint_bwl_status - Carrier end point black/white list notification status. type: str choices: enable, disable more...
- days_allowed - Weekdays on which notification messages may be sent. type: list choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday more...
- detect_server - Enable/disable automatic server address determination. type: str choices: enable, disable more...
- dupe_int - Duplicate notification send interval. type: int more...
- dupe_int_mode - Duplicate notification interval mode. type: str choices: hours, minutes more...
- dupe_status - Duplicate notification status. type: str choices: enable, disable more...
- file_block_int - File block notification send interval. type: int more...
- file_block_int_mode - File block notification interval mode. type: str choices: hours, minutes more...
- file_block_status - File block notification status. type: str choices: enable, disable more...
- flood_int - Flood notification send interval. type: int more...
- flood_int_mode - Flood notification interval mode. type: str choices: hours, minutes more...
- flood_status - Flood notification status. type: str choices: enable, disable more...
- from_in_header - Enable/disable insertion of from address in HTTP header. type: str choices: enable, disable more...
- mms_checksum_int - MMS checksum notification send interval. type: int more...
- mms_checksum_int_mode - MMS checksum notification interval mode. type: str choices: hours, minutes more...
- mms_checksum_status - MMS checksum notification status. type: str choices: enable, disable more...
- mmsc_hostname - Host name or IP address of the MMSC. type: str more...
- mmsc_password - Password required for authentication with the MMSC. type: str more...
- mmsc_port - Port used on the MMSC for sending MMS messages (1 - 65535). type: int more...
- mmsc_url - URL used on the MMSC for sending MMS messages. type: str more...
- mmsc_username - User name required for authentication with the MMSC. type: str more...
- msg_protocol - Protocol to use for sending notification messages. type: str choices: mm1, mm3, mm4, mm7 more...
- msg_type - MM7 message type. type: str choices: submit-req, deliver-req more...
- protocol - Protocol. type: str required: true more...
- rate_limit - Rate limit for sending notification messages (0 - 250). type: int more...
- tod_window_duration - Time of day window duration. type: str more...
- tod_window_end - Obsolete. type: str more...
- tod_window_start - Time of day window start. type: str more...
- user_domain - Domain name to which the user addresses belong. type: str more...
- vas_id - VAS identifier. type: str more...
- vasp_id - VASP identifier. type: str more...
- virus_int - Virus notification send interval. type: int more...
- virus_int_mode - Virus notification interval mode. type: str choices: hours, minutes more...
- virus_status - Virus notification status. type: str choices: enable, disable more...
- outbreak_prevention - Configure Virus Outbreak Prevention settings. type: dict more...
- external_blocklist - Enable/disable external malware blocklist. type: str choices: disable, enable more...
- ftgd_service - Enable/disable FortiGuard Virus outbreak prevention service. type: str choices: disable, enable more...
- remove_blocked_const_length - Enable/disable MMS replacement of blocked file constant length. type: str choices: enable, disable more...
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure MMS profiles.
fortios_firewall_mms_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_mms_profile:
avnotificationtable: "2147483647"
bwordtable: "2147483647"
carrier_endpoint_prefix: "enable"
carrier_endpoint_prefix_range_max: "24"
carrier_endpoint_prefix_range_min: "24"
carrier_endpoint_prefix_string: "<your_own_value>"
carrierendpointbwltable: "2147483647"
comment: "Comment."
dupe:
-
action1: "block"
action2: "block"
action3: "block"
block_time1: "17895"
block_time2: "17895"
block_time3: "17895"
limit1: "1073741823"
limit2: "1073741823"
limit3: "1073741823"
protocol: "<your_own_value>"
status1: "enable"
status2: "enable"
status3: "enable"
window1: "1440"
window2: "1440"
window3: "1440"
extended_utm_log: "<your_own_value>"
flood:
-
action1: "block"
action2: "block"
action3: "block"
block_time1: "17895"
block_time2: "17895"
block_time3: "17895"
limit1: "1073741823"
limit2: "1073741823"
limit3: "1073741823"
protocol: "<your_own_value>"
status1: "enable"
status2: "enable"
status3: "enable"
window1: "1440"
window2: "1440"
window3: "1440"
mm1: "avmonitor"
mm1_addr_hdr: "<your_own_value>"
mm1_addr_source: "http-header"
mm1_convert_hex: "enable"
mm1_outbreak_prevention: "disabled"
mm1_retr_dupe: "enable"
mm1_retrieve_scan: "enable"
mm1comfortamount: "2147483647"
mm1comfortinterval: "2147483647"
mm1oversizelimit: "409600"
mm3: "avmonitor"
mm3_outbreak_prevention: "disabled"
mm3oversizelimit: "409600"
mm4: "avmonitor"
mm4_outbreak_prevention: "disabled"
mm4oversizelimit: "409600"
mm7: "avmonitor"
mm7_addr_hdr: "<your_own_value>"
mm7_addr_source: "http-header"
mm7_convert_hex: "enable"
mm7_outbreak_prevention: "disabled"
mm7comfortamount: "2147483647"
mm7comfortinterval: "2147483647"
mm7oversizelimit: "409600"
mms_antispam_mass_log: "enable"
mms_av_block_log: "enable"
mms_av_oversize_log: "enable"
mms_av_virus_log: "enable"
mms_carrier_endpoint_filter_log: "enable"
mms_checksum_log: "enable"
mms_checksum_table: "2147483647"
mms_notification_log: "enable"
mms_web_content_log: "enable"
mmsbwordthreshold: "1073741823"
name: "default_name_80"
notif_msisdn:
-
msisdn: "<your_own_value>"
threshold: "flood-thresh-1"
notification:
-
alert_int: "720"
alert_int_mode: "hours"
alert_src_msisdn: "<your_own_value>"
alert_status: "enable"
bword_int: "720"
bword_int_mode: "hours"
bword_status: "enable"
carrier_endpoint_bwl_int: "720"
carrier_endpoint_bwl_int_mode: "hours"
carrier_endpoint_bwl_status: "enable"
days_allowed: "sunday"
detect_server: "enable"
dupe_int: "720"
dupe_int_mode: "hours"
dupe_status: "enable"
file_block_int: "720"
file_block_int_mode: "hours"
file_block_status: "enable"
flood_int: "720"
flood_int_mode: "hours"
flood_status: "enable"
from_in_header: "enable"
mms_checksum_int: "720"
mms_checksum_int_mode: "hours"
mms_checksum_status: "enable"
mmsc_hostname: "myhostname"
mmsc_password: "<your_own_value>"
mmsc_port: "32767"
mmsc_url: "<your_own_value>"
mmsc_username: "<your_own_value>"
msg_protocol: "mm1"
msg_type: "submit-req"
protocol: "<your_own_value>"
rate_limit: "125"
tod_window_duration: "<your_own_value>"
tod_window_end: "<your_own_value>"
tod_window_start: "<your_own_value>"
user_domain: "<your_own_value>"
vas_id: "<your_own_value>"
vasp_id: "<your_own_value>"
virus_int: "720"
virus_int_mode: "hours"
virus_status: "enable"
outbreak_prevention:
external_blocklist: "disable"
ftgd_service: "disable"
remove_blocked_const_length: "enable"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3