fortios_monitor – Ansible Module for FortiOS Monitor API.

New in version 2.10.

Synopsis

  • Request FortiOS appliances to perform specific actions or procedures. This module contains all of the FortiOS monitor API.

Requirements

The below requirements are needed on the host that executes this module.

  • Install the Galaxy collection fortinet.fortios >= 2.0.0.

Parameters

  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str required: False default: root
  • enable_log - Enable/Disable logging for task. type: bool required: False default: False
  • access_token - Token-based authentication. Generated from the FortiGate GUI. type: str required: False
  • selector - Action taken in FortiOS appliance. type: str choices:
    • activate.user.fortitoken - Activate a set of FortiTokens by serial number.
      • tokens - List of FortiToken serial numbers to activate. If omitted, all tokens will be used. type: array
    • add-license.registration.forticare - Add a FortiCare license.
      • registration_code - FortiCare contract number. type: string
    • add-license.registration.vdom - Add a VDOM license.
      • license - VDOM license key. type: string
    • add.firewall.clearpass-address - Add ClearPass address with SPT (System Posture Token) value.
      • endpoint_ip - Endpoint IPv4 address. type: array
      • spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string
    • add.nsx.service - Add NSX service to connector.
      • mkey - NSX connector name. type: string
    • add_users.user.banned - Immediately add one or more users to the banned list.
      • ip_addresses - List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed. type: array
      • expiry - Time until expiry in seconds. 0 for indefinite ban. type: int
    • backup-action.system.fortimanager - Import or update from FortiManager objects.
      • operation - Operation to perform on the given CMDB objects [import|update]. type: string
      • objects - Array of CMDB tables and mkeys. type: array
    • cancel.fortiview.session - Cancel a FortiView request session.
      • device - FortiView request session's device. [disk|faz] type: string
      • sessionid - Session ID to cancel. type: int
      • view_level - FortiView View level. type: string
      • report_by - Report by field. type: string
    • change-vdom-mode.system.admin - Switch between VDOM modes.
      • vdom-mode - VDOM mode [no-vdom|split-vdom|multi-vdom] type: string
    • clear-statistics.system.fortiguard - Immediately clear all FortiGuard statistics.
    • clear.system.sniffer - Clear the results of a specified packet capture.
      • mkey - ID of packet capture entry. type: int
    • clear_all.firewall.session - Immediately clear all active IPv4 and IPv6 sessions and IPS sessions of current VDOM.
    • clear_all.user.banned - Immediately clear all banned users.
    • clear_all.wifi.rogue_ap - Clear all detected rogue APs.
    • clear_counters.firewall.acl - Reset counters for one or more IPv4 ACLs by policy ID.
      • policy - Single policy ID to reset. type: int
    • clear_counters.firewall.acl6 - Reset counters for one or more IPv6 ACLs by policy ID.
      • policy - Single policy ID to reset. type: int
    • clear_counters.firewall.policy - Reset traffic statistics for one or more firewall policies by policy ID.
      • policy - Single policy ID to reset. type: int
    • clear_counters.firewall.proxy-policy - Reset traffic statistics for one or more explicit proxy policies by policy ID.
      • policy - Single policy ID to reset. type: int
    • clear_counters.firewall.security-policy - Reset traffic statistics for one or more security policies by policy ID.
      • policy - Single policy ID to reset. type: int
    • clear_tunnel.vpn.ssl - Remove all active tunnel sessions in current virtual domain.
    • clear_users.user.banned - Immediately clear a list of specific banned users by IP.
      • ip_addresses - List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed. type: array
    • close.firewall.session - Close a specific firewall session that matches all provided criteria.
      • daddr - Destination address. type: string
      • dport - Destination port. type: int
      • pro - Protocol name [tcp|udp|icmp|...]. type: string
      • sport - Source port. type: int
      • saddr - Source address. type: string
    • config.system.fortimanager - Configure FortiManager IP. Register FortiManager if 'fortimanager_ip' is provided. Unregister FortiManager if only 'unregister' parameter is specified and set to true.
      • unregister - Unregister the FortiManager (default=false). type: boolean
      • fortimanager_ip - FortiManager IP address. type: string
    • connect.system.modem - Trigger a connect for the configured modem.
    • connect.wifi.network - When FortiWiFi is in client mode, connect to the specified network, if configured in the 'wifi' interface.
      • ssid - SSID of network to connect to. type: string
    • create.registration.forticare - Create a new FortiCare account.
      • city - City. type: string
      • first_name - First name. type: string
      • last_name - Last name. type: string
      • industry_id - Industry ID. type: int
      • orgsize_id - Organization size ID. type: int
      • title - Title. type: string
      • industry - Industry. type: string
      • company - Company. type: string
      • reseller_id - Reseller ID. type: int
      • state_code - State/Province code. type: string
      • phone - Phone number. type: string
      • state - State/Province. type: string
      • postal_code - Postal code. type: string
      • country_code - Country code. type: int
      • address - Address. type: string
      • reseller_name - Reseller name. type: string
      • password - Account password. type: string
      • email - Account email. type: string
    • create.registration.forticloud - Create a FortiCloud account.
      • send_logs - Send logs to FortiCloud. type: boolean
      • password - Account password. type: string
      • email - Account email. type: string
    • create.web-ui.custom-language - Upload custom language file to this FortiGate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • lang_name - Name of custom language entry. type: string
      • lang_comments - Comments of custom language entry. type: string
      • filename - Name of custom language file. type: string
    • deauth.user.firewall - Deauthenticate single, multiple, or all firewall users.
      • all - Set to true to deauthenticate all users. Other parameters will be ignored. type: boolean
      • users - Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties. type: array
      • ip - User IP address. Required for both proxy and firewall users. type: string
      • user_type - User type [proxy|firewall]. Required for both proxy and firewall users. type: string
      • id - User ID. Required for both proxy and firewall users. type: int
      • ip_version - IP version [ip4|ip6]. Only required if user_type is firewall. type: string
      • method - Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall. type: string
    • delete.firewall.clearpass-address - Delete ClearPass address with SPT (System Posture Token) value.
      • endpoint_ip - Endpoint IPv4 address. type: array
      • spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string
    • delete.log.local-report - Delete a local report.
      • mkeys - Local Report Name. type: array
    • delete.system.config-revision - Deletes one or more system configuration revisions.
      • config_ids - List of configuration ids. type: array
    • delete.system.config-script - Delete the history of config scripts.
      • id_list - List of config script history ids to delete. type: array
    • delete.vpn.ssl - Terminate the provided SSL-VPN session.
      • index - The session index. type: int
      • type - The session type [websession|subsession]. type: string
    • delete.webfilter.override - Delete a configured webfilter override.
      • mkey - ID of webfilter override to delete. type: string
    • dhcp-renew.system.interface - Renew DHCP lease of an interface.
      • mkey - Name of the interface. type: string
    • diagnose.extender-controller.extender - Execute diagnostic commands.
      • cmd - Command to execute. type: string
      • id - FortiExtender ID. type: string
    • disassociate.wifi.client - Disassociate a WiFi client from the FortiAP it's currently connected to. The client will need to reassociate with the same FortiAP or another to resume connectivity.
      • mac - MAC address. type: string
    • disconnect.system.ha-peer - Update configuration of peer in HA cluster.
      • interface - Name of the interface which should be assigned for management. type: string
      • ip - IP to assign to the selected interface. type: string
      • serial_no - Serial number of the HA member. type: string
      • mask - Full network mask to assign to the selected interface. type: string
    • disconnect.system.modem - Trigger a disconnect for the configured modem.
    • download.switch-controller.fsw-firmware - Download FortiSwitch firmware from FortiGuard to the FortiGate according to FortiSwitch image ID.
      • image_id - FortiSwitch image ID. type: string
    • download.wifi.firmware - Download FortiAP firmware from FortiGuard to the FortiGate according to FortiAP image ID.
      • image_id - FortiAP image ID. type: string
    • dump.system.com-log - Dump system com-log to file.
    • eject.system.usb-device - Eject USB drives for safe removal.
    • email.user.guest - Send guest login details via email.
      • group - Guest group name. type: string
      • guest - Guest user IDs. type: array
    • factory-reset.switch-controller.managed-switch - Send 'Factory Reset' command to a given FortiSwitch.
      • mkey - Name of managed FortiSwitch. type: string
    • generate-key.system.api-user - Generate a new api-key for the specified api-key-auth admin. The old api-key will be replaced. The response contains the only chance to read the new api-key plaintext in the api_key field.
      • api-user - Generate a new token for this api-user. type: string
    • generate.vpn-certificate.csr - Generate a certificate signing request (CSR) and a private key. The CSR can be retrieved / downloaded from CLI, GUI and REST API.
      • city - Locality (L) of the certificate subject. type: string
      • orgunits - List of organization units. Organization Units (OU) of the certificate subject. type: array
      • countrycode - Country (C) of the certificate subject. type: string
      • scep_url - SCEP server URL. If provided, use the url to enroll the csr through SCEP. type: string
      • curvename - Elliptic curve name. [secp256r1|secp384r1|secp521r1]. Unavailable if the FortiGate is a Low Encryption Device (LENC). Required when keytype is ec. type: string
      • keytype - Generate an RSA or an elliptic curve certificate request [rsa|ec]. The Elliptic Curve option is unavailable if the FortiGate is a Low Encryption Device (LENC). type: string
      • certname - Certificate name. Used to retrieve / download the CSR. Not included in CSR and key content. type: string
      • scep_password - SCEP challenge password. Some SCEP servers may require a challenge password; provide it when the SCEP server requires one. type: string
      • state - State (ST) of the certificate subject. type: string
      • keysize - Key size [1024|1536|2048|4096]. 512 only if the FortiGate is a Low Encryption Device (LENC). Required when keytype is RSA. type: int
      • scope - Scope of CSR [vdom*|global]. Global scope is only accessible for global administrators type: string
      • sub_alt_name - Subject alternative name (SAN) of the certificate. type: string
      • org - Organization (O) of the certificate subject. type: string
      • password - Password / pass phrase for the private key. If not provided, FortiGate generates a random one. type: string
      • email - Email of the certificate subject. type: string
      • subject - Subject (Host IP/Domain Name/E-Mail). Common Name (CN) of the certificate subject. type: string
    • geoip.geoip-query - Retrieve location details for IPs queried against FortiGuard's geoip service.
      • ip_addresses - One or more IP address strings to query for location details. type: array
    • import-mobile.user.fortitoken - Import a list of tokens from FortiGuard to the FortiGate unit.
      • code - Activation code on redemption certificate. type: string
    • import-seed.user.fortitoken - Import a FortiToken seed file.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
    • import-trial.user.fortitoken - Import trial mobile FortiTokens.
    • import.vpn-certificate.ca - Import CA certificate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • scope - Scope of CA certificate [vdom*|global]. Global scope is only accessible for global administrators type: string
      • import_method - Method of importing CA certificate [file|scep]. type: string
      • scep_ca_id - SCEP server CA identifier for import via SCEP. type: string
      • scep_url - SCEP server URL. Required for import via SCEP type: string
    • import.vpn-certificate.crl - Import certificate revocation lists (CRL) from file content.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string
    • import.vpn-certificate.local - Import local certificate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • certname - Certificate name for pkcs12 and regular certificate types. type: string
      • key_file_content - Key content encoded in BASE64 for regular certificate type. type: string
      • scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators type: string
      • password - Optional password for pkcs12 and regular certificate types. type: string
      • type - Type of certificate [local|pkcs12|regular]. type: string
    • import.vpn-certificate.remote - Import remote certificate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string
    • import.web-ui.language - Import localization language file to this FortiGate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
    • keep-alive.wifi.spectrum - Extend duration of an existing spectrum analysis for a specific FortiAP.
      • radio_id - Radio ID. type: int
      • duration - Duration in seconds. type: int
      • wtp_id - FortiAP ID. type: string
    • login.registration.forticare - Login to FortiCare.
      • reseller_name - Reseller name. type: string
      • password - Account password. type: string
      • email - Account email. type: string
      • reseller_id - Reseller ID. type: int
    • login.registration.forticloud - Login to FortiCloud.
      • send_logs - Send logs to FortiCloud. type: boolean
      • domain - FortiCloud domain. type: string
      • password - Account password. type: string
      • email - Account email. type: string
    • logout.registration.forticloud - Logout from FortiCloud.
    • migrate.registration.forticloud - Migrate standalone FortiGate Cloud account to FortiCloud.
      • password - Account password. type: string
      • email - Account email. type: string
    • poe-reset.switch-controller.managed-switch - Reset PoE on a given FortiSwitch's port.
      • port - Name of port to reset PoE on. type: string
      • mkey - Name of managed FortiSwitch. type: string
    • provision.user.fortitoken - Provision a set of FortiTokens by serial number.
      • tokens - List of FortiToken serial numbers to provision. If omitted, all tokens will be used. type: array
    • push.switch-controller.fsw-firmware - Push FortiSwitch firmware to the given device.
      • image_id - FortiSwitch image ID. type: string
      • serial - The target device's serial. type: string
    • push.wifi.firmware - Push FortiAP firmware to the given device.
      • image_id - FortiAP image ID. type: string
      • serial - The target device's serial. type: string
    • reboot.system.os - Immediately reboot this device.
      • event_log_message - Message to be logged in event log. type: string
    • refresh-server.user.fsso - Refresh remote agent group list for all fsso agents.
    • refresh.user.fortitoken - Refresh a set of FortiTokens by serial number.
      • tokens - List of FortiToken serial numbers to refresh. If omitted, all tokens will be used. type: array
    • register-appliance.system.csf - Register appliance to Security Fabric.
      • mgmt_ip - Management IP or FQDN. type: string
      • mgmt_port - Management port. type: int
      • hostname - Host name. type: string
      • mgmt_url_parameters - Array of URL parameters. Each item is a key/value pair. If provided, the URL parameters will be included in the management IP URL. type: array
      • serial - Serial number. type: string
      • type - Appliance type (Example: 'faz'). type: string
    • register-device.registration.forticloud - Register a device to FortiCloud through FortiGate. Currently FortiSwitch and FortiAP are supported.
      • country - Country. type: string
      • serial - Device serial number type: string
      • password - Password. type: string
      • email - FortiCloud email. type: string
      • reseller - Reseller. type: string
    • reset.extender-controller.extender - Reset a specific FortiExtender unit.
      • id - FortiExtender ID to reset. type: string
    • reset.firewall.per-ip-shaper - Reset statistics for all configured firewall per-IP traffic shapers.
    • reset.firewall.policy - Reset traffic statistics for all firewall policies.
    • reset.firewall.shaper - Reset statistics for all configured traffic shapers.
    • reset.log.stats - Reset logging statistics for all log devices.
    • reset.system.modem - Reset statistics for internal/external configured modem.
    • reset.wanopt.history - Reset WAN opt. statistics.
    • reset.wanopt.peer_stats - Reset WAN opt peer statistics.
    • reset.wanopt.webcache - Reset webcache statistics.
    • reset.webcache.stats - Reset all webcache statistics.
    • reset.webfilter.category-quota - Reset webfilter quota for user or IP.
      • profile - Webfilter profile to reset. type: string
      • user - User or IP to reset with. type: string
    • reset.wifi.euclid - Reset presence analytics statistics.
    • restart.switch-controller.managed-switch - Restart a given FortiSwitch.
      • mkey - Name of managed FortiSwitch. type: string
    • restart.system.sniffer - Restart specified packet capture.
      • mkey - ID of packet capture entry. type: int
    • restart.wifi.managed_ap - Restart a given FortiAP.
      • wtpname - FortiAP name. type: string
    • restore.system.config - Restore system configuration from uploaded file or from USB.
      • config_id - When using 'revision' source: valid ID of configuration stored on disk to revert to. type: int
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • usb_filename - When using 'usb' source: the filename to restore from the connected USB device. type: string
      • source - Configuration file data source [upload | usb | revision]. type: string
      • scope - Specify global or VDOM only restore [global | vdom]. type: string
      • password - Password to decrypt configuration data. type: string
      • vdom - If 'vdom' scope specified, the name of the VDOM to restore configuration. type: string
    • revoke.system.dhcp - Revoke IPv4 DHCP leases.
      • ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array
    • revoke.system.dhcp6 - Revoke IPv6 DHCP leases.
      • ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array
    • run.system.config-script - Run remote config scripts.
      • remote_script - Name of remote config script to run. type: string
    • save.system.config-revision - Create a new config revision checkpoint.
      • comments - Optional revision comments type: string
    • scan.wifi.network - When FortiWiFi is in client mode, start a scan for local WiFi networks.
    • send-activation.user.fortitoken - Send a FortiToken activation code to a user via SMS or Email.
      • token - FortiToken serial number. The token must be assigned to a user/admin. type: string
      • sms_phone - Override SMS phone number. SMS provider must be set in the assigned user/admin. type: string
      • method - Method to send activation code [email|sms]. If not set, SMS will be attempted first, then email. type: string
      • email - Override email address. type: string
    • set.system.time - Sets current system time stamp.
      • hour - Specifies the hour (0 - 23) for setting/updating time manually. type: int
      • month - Specifies the month (0 - 11) for setting/updating time manually. type: int
      • second - Specifies the second (0 - 59) for setting/updating time manually. type: int
      • year - Specifies the year for setting/updating time manually. type: int
      • day - Specifies the day for setting/updating time manually. type: int
      • minute - Specifies the minute (0 - 59) for setting/updating time manually. type: int
    • set_status.wifi.managed_ap - Update administrative state for a given FortiAP (enable or disable authorization).
      • admin - New FortiAP administrative state [enable|disable|discovered]. type: string
      • wtpname - FortiAP name. type: string
    • set_status.wifi.rogue_ap - Mark detected APs as rogue APs.
      • status - Status to assign matching APs [unclassified|rogue|accepted|suppressed]. type: string
      • ssid - Corresponding list of rogue AP SSIDs. type: array
      • bssid - List of rogue AP MAC addresses. type: array
    • shutdown.system.os - Immediately shutdown this device.
      • event_log_message - Message to be logged in event log. type: string
    • sms.user.guest - Send guest login details via SMS.
      • group - Guest group name. type: string
      • guest - Guest user IDs. type: array
    • speed-test-trigger.system.interface - Run a speed-test on the given interface.
      • mkey - Name of the interface. type: string
    • start.system.fsck - Set file system check flag so that it will be executed on next device reboot.
    • start.system.sniffer - Start specified packet capture.
      • mkey - ID of packet capture entry. type: int
    • start.system.usb-log - Start backup of logs from current VDOM to USB drive.
    • start.wifi.spectrum - Start spectrum analysis for a specific FortiAP for a duration of time.
      • radio_id - Radio ID. type: int
      • channels - Channels. type: array
      • duration - Duration in seconds. type: int
      • wtp_id - FortiAP ID. type: string
    • start.wifi.vlan-probe - Start a VLAN probe.
      • wtp - FortiAP ID. type: string
      • retries - Number of times to retry a probe for a particular VLAN. type: int
      • start_vlan_id - The starting VLAN ID for the probe. type: int
      • end_vlan_id - The ending VLAN ID for the probe. type: int
      • timeout - Timeout duration (in seconds) to wait for a VLAN probe response. type: int
      • ap_interface - FortiAP interface to send the probe on. type: int
    • stop.system.sniffer - Stop specified packet capture.
      • mkey - ID of packet capture entry. type: int
    • stop.system.usb-log - Stop backup of logs to USB drive.
    • stop.wifi.spectrum - Stop spectrum analysis for a specific FortiAP.
      • radio_id - Radio ID. type: int
      • wtp_id - FortiAP ID. type: string
    • stop.wifi.vlan-probe - Stop a VLAN probe.
      • wtp - FortiAP ID. type: string
      • ap_interface - FortiAP interface to send the probe on. type: int
    • system.change-password - Save admin and guest-admin passwords.
      • new_password - New password. type: string
      • old_password - Old password. type: string
      • mkey - User ID for password change. type: string
    • system.disconnect-admins - Disconnects logged in administrators.
      • admins - List of objects with admin id and method. type: array
      • id - Admin ID type: int
      • method - Login method used to connect admin to FortiGate. type: string
    • system.password-policy-conform - Check whether password conforms to the password policy.
      • apply_to - Password Policy ID. type: string
      • password - Password. type: string
      • old_password - Old password. type: string
      • mkey - User ID for password change. type: string
    • test-availability.system.fortiguard - Test availability of FortiGuard services.
      • protocol - Protocol to check. [https | udp | http] type: string
      • port - Port to check. type: int
      • service - Service to check. [emailfilter | webfilter] type: string
    • test-connect.user.radius - Test the connectivity of the given RADIUS server and, optionally, the validity of a username & password.
      • ordinal - If 'mkey' is provided, the server-secret pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string
      • server - Host name or IP of a RADIUS server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string
      • secret - Secret password for the RADIUS server. If 'mkey' is provided, this overrides the 'secret' value in the object. type: string
      • user - User name whose access to check. type: string
      • password - User's password. type: string
      • mkey - Name of FortiGate's RADIUS object whose settings to test. type: string
    • test.system.automation-stitch - Triggers an automation stitch for testing purposes.
      • log - Message to store in the log buffer when triggering an event. For example, "logid=\"32102\" eventtime=1528840790000000000 logdesc=\"Sample description\" msg=\"Sample message\"". This parameter is required for the 'event-log' event type. For the test to run, the 'logid' argument value must match the trigger-defined value. If 'logid' is not provided, the test will use the trigger-defined value. type: string
      • mkey - ID of automation stitch to trigger. type: string
    • test.user.tacacs-plus - Test the connectivity of the given TACACS+ server.
      • ordinal - If 'mkey' is provided, the server-key pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string
      • source_ip - Source IP for communications to TACACS+ server. If 'mkey' is provided, this overrides the 'source-ip' value in the object. type: string
      • server - Host name or IP of a TACACS+ server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string
      • secret - Secret key for the TACACS+ server. If 'mkey' is provided, this overrides the 'key' value in the object. type: string
      • port - Port number of the TACACS+ server. If 'mkey' is provided, this overrides the 'port' value in the object. Defaults to 49. type: int
      • mkey - Name of FortiGate's TACACS+ object whose settings to test. type: string
    • transfer.registration.forticare - Transfer to a new FortiCare account.
      • password - Account password. type: string
      • old_password - Old account password. type: string
      • email - Account email. type: string
      • old_email - Old account email. type: string
    • trigger.system.security-rating - Run a Security Rating report.
      • report_types - Multiple Security Rating reports to run, run all reports when unspecified. type: array
      • report_type - Security Rating report to run, run all reports when unspecified. type: string
    • tunnel_down.vpn.ipsec - Bring down a specific IPsec VPN tunnel.
      • p2name - IPsec phase2 name. type: string
      • p2serial - IPsec phase2 serial. type: int
      • p1name - IPsec phase1 name. type: string
    • tunnel_reset_stats.vpn.ipsec - Reset statistics for a specific IPsec VPN tunnel.
      • p1name - IPsec phase1 name. type: string
    • tunnel_up.vpn.ipsec - Bring up a specific IPsec VPN tunnel.
      • p2name - IPsec phase2 name. type: string
      • p2serial - IPsec phase2 serial. type: int
      • p1name - IPsec phase1 name. type: string
    • update-comments.system.config-revision - Updates comments for a system configuration file.
      • config_id - Configuration id. type: int
      • comments - Configuration comments. type: string
    • update.switch-controller.managed-switch - Update administrative state for a given FortiSwitch (enable or disable authorization).
      • admin - New FortiSwitch administrative state [enable|disable|discovered]. type: string
      • fswname - DEPRECATED since 5.6.1, will be removed in 6.4. Please use mkey instead. type: string
      • mkey - FortiSwitch name. type: string
    • update.system.fortiguard - Immediately update status for FortiGuard services.
    • update.system.ha-peer - Update configuration of peer in HA cluster.
      • priority - Priority to assign to HA member. type: int
      • serial_no - Serial number of the HA member. type: string
      • hostname - Name to assign the HA member. type: string
      • vcluster_id - Virtual cluster number. type: int
    • update.system.modem - Update supported modem list from FortiGuard.
    • update.system.sdn-connector - Update an SDN connector's connection status.
      • mkey - SDN connector name. type: string
    • update.web-ui.custom-language - Update custom language file to this FortiGate.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • filename - Name of custom language file. type: string
      • lang_comments - Comments of custom language entry. type: string
      • mkey - Name of custom language entry. type: string
      • lang_name - New name of custom language entry. type: string
    • upgrade.extender-controller.extender - Upgrade FortiExtender.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • id - FortiExtender ID to upgrade. type: string
    • upgrade.license.database - Upgrade or downgrade UTM engine or signature package (IPS/AntiVirus/Application Control/Industrial database/Security Rating) using uploaded file.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • db_name - Security service database name [ips|appctrl|industrial_db|antivirus|security_rating]. type: string
    • upgrade.system.firmware - Upgrade firmware image on this device using uploaded file.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • source - Firmware file data source [upload|usb|fortiguard]. type: string
      • ignore_invalid_signature - Set to true to allow upgrade of firmware images with invalid signatures. type: boolean
      • format_partition - Set to true to format boot partition before upgrade. type: boolean
      • filename - Name of file on fortiguard or USB disk to upgrade to. type: string
    • upload.switch-controller.fsw-firmware - Upload FortiSwitch firmware to the management FortiGate and then push to target FortiSwitches.
      • serials - The target device's serial. type: string
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
    • upload.system.config-script - Upload and run a new configuration script file.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • filename - Name of configuration script file. type: string
    • upload.system.vmlicense - Update VM license using uploaded file. Reboots immediately if successful.
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
    • upload.wifi.firmware - Upload FortiAP firmware to the management FortiGate and then push to target FortiAPs.
      • serials - The target device's serial. type: string
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
    • upload.wifi.region-image - Saves a floorplan/region image to an existing region.
      • image_type - MIME type of the image (png|jpeg|gif). type: string
      • file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string
      • region_name - Region name to save image to. type: string
    • utm.rating-lookup - Lookup FortiGuard rating for a specific URL.
      • url - List of URLs to query. type: array
      • lang - Language for the rating response. type: string
    • validate-gcp-key.system.sdn-connector - Validate a string representing a private key from GCP in PEM format.
      • private-key - Private key in PEM format. type: string
    • verify-cert.endpoint-control.ems - Verify EMS server certificate for a specific EMS.
      • ems_name - EMS server name (as defined in CLI table endpoint-control.fctems). type: string
      • fingerprint - EMS server certificate fingerprint to check with. type: string
    • webhook.system.automation-stitch - Triggers an incoming webhook for an automation stitch.
      • mkey - The incoming webhook name to trigger. type: string
  • params - The parameters for each action; see the definitions in the list above. type: dict

Notes

  • Different selectors may take different parameters; look them up in the selector list above.
  • For some selectors, no params are allowed to appear.
  • Not all parameters are required for a selector.
  • This module is exclusively for the FortiOS monitor API.
  • The result of the API request is stored in results.

Examples

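- hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   # TLS certificate verification is switched off in this example; set it to
   # yes when the FortiGate presents a certificate the control node trusts.
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:

  # selector names the monitor API action; params carries that action's arguments.
  - name: Activate FortiToken
    fortios_monitor:
       vdom: "root"
       access_token: "<fortios_access_token>"
       selector: 'activate.user.fortitoken'
       params:
           tokens: '<token string>'

  # event_log_message is the text recorded in the event log for this reboot.
  - name: Reboot This Device
    fortios_monitor:
       vdom: "root"
       access_token: "<fortios_access_token>"
       selector: 'reboot.system.os'
       params:
           event_log_message: 'Reboot Request From Ansible'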
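
An added example, not part of the module's own documentation: a firmware upload through upgrade.system.firmware that keeps the signature check and TLS verification on and refuses to upload an image whose digest does not match. The file path, the expected digest and the vault_fortios_token variable are assumed placeholders; slurp is used because it returns base64 as one unwrapped string, which satisfies the file_content constraint on whitespace.

```yaml
# Added example. Assumed names to replace: firmware_path, firmware_sha256,
# vault_fortios_token (a vaulted variable) and the image file name.
- hosts: fortigate03
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
    firmware_path: "/srv/firmware/<image file>.out"
    firmware_sha256: "<sha256 published by the vendor for this image>"
  tasks:
    - name: Hash the firmware image on the control node
      ansible.builtin.stat:
        path: "{{ firmware_path }}"
        checksum_algorithm: sha256
      delegate_to: localhost
      register: fw_stat

    - name: Stop unless the image matches the expected digest
      ansible.builtin.assert:
        that:
          - fw_stat.stat.exists
          - fw_stat.stat.checksum == firmware_sha256
        fail_msg: "Firmware image digest mismatch; refusing to upload."

    - name: Read the image as base64 (slurp emits no line breaks)
      ansible.builtin.slurp:
        src: "{{ firmware_path }}"
      delegate_to: localhost
      register: fw_image

    - name: Upgrade firmware from the uploaded image
      fortios_monitor:
        vdom: "root"
        access_token: "{{ vault_fortios_token }}"
        selector: 'upgrade.system.firmware'
        params:
          source: 'upload'
          file_content: "{{ fw_image.content }}"
          ignore_invalid_signature: false   # keep the device's signature check
          format_partition: false
      no_log: true   # keeps the token and image data out of task output
```

Output from the `base64` command-line tool is wrapped by default on many systems, so a payload prepared that way needs its line breaks removed before it is passed as file_content.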

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • build - Build number of the FortiGate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: GET
  • name - Name of the table used to fulfill the request returned: always type: str sample: firmware
  • path - Path of the table used to fulfill the request returned: always type: str sample: system
  • results - Object list retrieved from device. returned: always type: list
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
  • ansible_facts - The list of fact subsets collected from the device returned: always type: dict

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@fshen01)
