fortios_webfilter_profile – Configure Web filter profiles in Fortinet’s FortiOS and FortiGate.¶

New in version 2.10.

Synopsis
Requirements
FortiOS Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis ¶

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

FortiOS Version Compatibility ¶

	`v6.0.0`	`v6.0.5`	`v6.0.11`	`v6.2.0`	`v6.2.3`	`v6.2.5`	`v6.2.7`	`v6.4.0`	`v6.4.1`	`v6.4.4`	`v7.0.0`
fortios_webfilter_profile	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters ¶

access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: False
enable_log - Enable/Disable logging for task. type: bool required: False default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
state - Indicates whether to create or remove the object. type: str required: True choices: present, absent
webfilter_profile - Configure Web filter profiles. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

webfilter_profile yes yes yes yes yes yes yes yes yes yes yes

antiphish - AntiPhishing profile. type: dict more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

antiphish yes yes yes yes

authentication - Authentication methods. type: str choices: domain-controller, ldap more...

v7.0.0

authentication yes

[domain-controller] yes

[ldap] yes
check_basic_auth - Enable/disable checking of HTTP Basic Auth field for known credentials. type: str choices: enable, disable more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

check_basic_auth yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes
check_uri - Enable/disable checking of GET URI parameters for known credentials. type: str choices: enable, disable more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

check_uri yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes
check_username_only - Enable/disable acting only on valid username credentials. Action will be taken for valid usernames regardless of password validity. type: str choices: enable, disable more...

v6.4.4 v7.0.0

check_username_only yes yes

[enable] yes yes

[disable] yes yes
custom_patterns - Custom username and password regex patterns. type: list more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

custom_patterns yes yes yes yes

category - Category that the pattern matches. type: str choices: username, password more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

category yes yes yes yes

[username] yes yes yes yes

[password] yes yes yes yes
pattern - Target pattern. type: str required: True more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

pattern yes yes yes yes
type - Pattern will be treated either as a regex pattern or literal string. type: str choices: regex, literal more...

v7.0.0

type yes

[regex] yes

[literal] yes

default_action - Action to be taken when there is no matching rule. type: str choices: exempt, log, block more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

default_action yes yes yes yes

[exempt] yes yes yes yes

[log] yes yes yes yes

[block] yes yes yes yes
domain_controller - Domain for which to verify received credentials against. Source credential-store.domain-controller.server-name. type: str more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

domain_controller yes yes yes yes
inspection_entries - AntiPhishing entries. type: list more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

inspection_entries yes yes yes yes

action - Action to be taken upon an AntiPhishing match. type: str choices: exempt, log, block more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

action yes yes yes yes

[exempt] yes yes yes yes

[log] yes yes yes yes

[block] yes yes yes yes
fortiguard_category - FortiGuard category to match. type: str more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

fortiguard_category yes yes yes yes
name - Inspection target name. type: str required: True more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

name yes yes yes yes

ldap - LDAP server for which to verify received credentials against. Source user.ldap.name. type: str more...

v7.0.0

ldap yes
max_body_len - Maximum size of a POST body to check for credentials. type: int more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

max_body_len yes yes yes yes
status - Toggle AntiPhishing functionality. type: str choices: enable, disable more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

status yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes

comment - Optional comments. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

comment yes yes yes yes yes yes yes yes yes yes yes

extended_log - Enable/disable extended logging for web filtering. type: str choices: enable, disable more...

feature_set - Flow/proxy feature set. type: str choices: flow, proxy more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

feature_set yes yes yes yes

[flow] yes yes yes yes

[proxy] yes yes yes yes
file_filter - File filter. type: dict more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

file_filter yes yes yes yes no no no no

entries - File filter entries. type: list more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

entries yes yes yes yes

action - Action taken for matched file. type: str choices: log, block more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

action yes yes yes yes

[log] yes yes yes yes

[block] yes yes yes yes
comment - Comment. type: str more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

comment yes yes yes yes
direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

direction yes yes yes yes

[incoming] yes yes yes yes

[outgoing] yes yes yes yes

[any] yes yes yes yes
file_type - Select file type. type: list more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

file_type yes yes yes yes

name - File type name. Source antivirus.filetype.name. type: str required: True more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

name yes yes yes yes

filter - Add a file filter. type: str required: True more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

filter yes yes yes yes
password_protected - Match password-protected files. type: str choices: True, any more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

password_protected yes yes yes yes

[yes] yes yes yes yes

[any] yes yes yes yes
protocol - Protocols to apply with. type: str choices: http, ftp more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

protocol yes yes yes yes

[http] yes yes yes yes

[ftp] yes yes yes yes

log - Enable/disable file filter logging. type: str choices: enable, disable more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

log yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes
scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

scan_archive_contents yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes
status - Enable/disable file filter. type: str choices: enable, disable more...

v6.2.0 v6.2.3 v6.2.5 v6.2.7

status yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes

ftgd_wf - FortiGuard Web Filter settings. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

ftgd_wf yes yes yes yes yes yes yes yes yes yes yes

exempt_quota - Do not stop quota for these categories. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

exempt_quota yes yes yes yes yes yes yes yes yes yes yes
filters - FortiGuard filters. type: list more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

filters yes yes yes yes yes yes yes yes yes yes yes

action - Action to take for matches. type: str choices: block, authenticate, monitor, warning more...

auth_usr_grp - Groups with permission to authenticate. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

auth_usr_grp yes yes yes yes yes yes yes yes yes yes yes
category - Categories and groups the filter examines. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

category yes yes yes yes yes yes yes yes yes yes yes
id - ID number. type: int required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

id yes yes yes yes yes yes yes yes yes yes yes

log - Enable/disable logging. type: str choices: enable, disable more...

override_replacemsg - Override replacement message. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

override_replacemsg yes yes yes yes yes yes yes yes yes yes yes
warn_duration - Duration of warnings. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

warn_duration yes yes yes yes yes yes yes yes yes yes yes

warning_duration_type - Re-display warning after closing browser or after a timeout. type: str choices: session, timeout more...

warning_prompt - Warning prompts in each category or each domain. type: str choices: per-domain, per-category more...

max_quota_timeout - Maximum FortiGuard quota used by single page view in seconds (excludes streams). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

max_quota_timeout yes yes yes yes yes yes yes yes yes yes yes

options - Options for FortiGuard Web Filter. type: str choices: error-allow, rate-server-ip, connect-request-bypass, ftgd-disable more...

ovrd - Allow web filter profile overrides. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

ovrd yes yes yes yes yes yes yes yes yes yes yes
quota - FortiGuard traffic quota settings. type: list more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

quota yes yes yes yes yes yes yes yes yes yes yes

category - FortiGuard categories to apply quota to (category action must be set to monitor). type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

category yes yes yes yes yes yes yes yes yes yes yes
duration - Duration of quota. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

duration yes yes yes yes yes yes yes yes yes yes yes
id - ID number. type: int required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

id yes yes yes yes yes yes yes yes yes yes yes
override_replacemsg - Override replacement message. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

override_replacemsg yes yes yes yes yes yes yes yes yes yes yes

type - Quota type. type: str choices: time, traffic more...

unit - Traffic quota unit of measurement. type: str choices: B, KB, MB, GB more...

value - Traffic quota value. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

value yes yes yes yes yes yes yes yes yes yes yes

rate_crl_urls - Enable/disable rating CRL by URL. type: str choices: disable, enable more...

rate_css_urls - Enable/disable rating CSS by URL. type: str choices: disable, enable more...

rate_image_urls - Enable/disable rating images by URL. type: str choices: disable, enable more...

rate_javascript_urls - Enable/disable rating JavaScript by URL. type: str choices: disable, enable more...

https_replacemsg - Enable replacement messages for HTTPS. type: str choices: enable, disable more...

inspection_mode - Web filtering inspection mode. type: str choices: proxy, flow-based more...

log_all_url - Enable/disable logging all URLs visited. type: str choices: enable, disable more...

name - Profile name. type: str required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

name yes yes yes yes yes yes yes yes yes yes yes

options - Options. type: list choices: activexfilter, cookiefilter, javafilter, block-invalid-url, jscript, js, vbs, unknown, intrinsic, wf-referer, wf-cookie, per-user-bwl, per-user-bal more...

override - Web Filter override settings. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

override yes yes yes yes yes yes yes yes yes yes yes

ovrd_cookie - Allow/deny browser-based (cookie) overrides. type: str choices: allow, deny more...

ovrd_dur - Override duration. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

ovrd_dur yes yes yes yes yes yes yes yes yes yes yes

ovrd_dur_mode - Override duration mode. type: str choices: constant, ask more...

ovrd_scope - Override scope. type: str choices: user, user-group, ip, browser, ask more...

ovrd_user_group - User groups with permission to use the override. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

ovrd_user_group yes yes yes yes yes yes yes yes yes yes yes
profile - Web filter profile with permission to create overrides. type: list more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

profile yes yes yes yes yes yes yes yes yes yes yes

name - Web profile. Source webfilter.profile.name. type: str required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

name yes yes yes yes yes yes yes yes yes yes yes

profile_attribute - Profile attribute to retrieve from the RADIUS server. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id more...

profile_type - Override profile type. type: str choices: list, radius more...

ovrd_perm - Permitted override types. type: list choices: bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override more...

post_action - Action taken for HTTP POST traffic. type: str choices: normal, block more...

replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

replacemsg_group yes yes yes yes yes yes yes yes yes yes yes
url_extraction - Configure URL Extraction type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

url_extraction yes yes yes yes yes yes yes yes yes yes no

redirect_header - HTTP header name to use for client redirect on blocked requests type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

redirect_header yes yes yes yes yes yes yes yes yes yes yes

redirect_no_content - Enable / Disable empty message-body entity in HTTP response type: str choices: enable, disable more...

redirect_url - HTTP header value to use for client redirect on blocked requests type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

redirect_url yes yes yes yes yes yes yes yes yes yes yes
server_fqdn - URL extraction server FQDN (fully qualified domain name) type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

server_fqdn yes yes yes yes yes yes yes yes yes yes yes

status - Enable URL Extraction type: str choices: enable, disable more...

web - Web content filtering settings. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

web yes yes yes yes yes yes yes yes yes yes yes

allowlist - FortiGuard allowlist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others more...

v7.0.0

allowlist yes

[exempt-av] yes

[exempt-webcontent] yes

[exempt-activex-java-cookie] yes

[exempt-dlp] yes

[exempt-rangeblock] yes

[extended-log-others] yes

blacklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str choices: enable, disable more...

blocklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. type: str choices: enable, disable more...

v7.0.0

blocklist yes

[enable] yes

[disable] yes
bword_table - Banned word table ID. Source webfilter.content.id. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

bword_table yes yes yes yes yes yes yes yes yes yes yes
bword_threshold - Banned word score threshold. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

bword_threshold yes yes yes yes yes yes yes yes yes yes yes
content_header_list - Content header list. Source webfilter.content-header.id. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

content_header_list yes yes yes yes yes yes yes yes yes yes yes
keyword_match - Search keywords to log when match is found. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

keyword_match yes yes yes yes yes yes yes yes yes yes yes

log_search - Enable/disable logging all search phrases. type: str choices: enable, disable more...

safe_search - Safe search type. type: list choices: url, header more...

urlfilter_table - URL filter table ID. Source webfilter.urlfilter.id. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

urlfilter_table yes yes yes yes yes yes yes yes yes yes yes

whitelist - FortiGuard whitelist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others more...

youtube_restrict - YouTube EDU filter level. type: str choices: none, strict, moderate more...

web_antiphishing_log - Enable/disable logging of AntiPhishing checks. type: str choices: enable, disable more...

v6.4.0 v6.4.1 v6.4.4 v7.0.0

web_antiphishing_log yes yes yes yes

[enable] yes yes yes yes

[disable] yes yes yes yes

web_content_log - Enable/disable logging logging blocked web content. type: str choices: enable, disable more...

web_extended_all_action_log - Enable/disable extended any filter action logging for web filtering. type: str choices: enable, disable more...

web_filter_activex_log - Enable/disable logging ActiveX. type: str choices: enable, disable more...

web_filter_applet_log - Enable/disable logging Java applets. type: str choices: enable, disable more...

web_filter_command_block_log - Enable/disable logging blocked commands. type: str choices: enable, disable more...

web_filter_cookie_log - Enable/disable logging cookie filtering. type: str choices: enable, disable more...

web_filter_cookie_removal_log - Enable/disable logging blocked cookies. type: str choices: enable, disable more...

web_filter_js_log - Enable/disable logging Java scripts. type: str choices: enable, disable more...

web_filter_jscript_log - Enable/disable logging JScripts. type: str choices: enable, disable more...

web_filter_referer_log - Enable/disable logging referrers. type: str choices: enable, disable more...

web_filter_unknown_log - Enable/disable logging unknown scripts. type: str choices: enable, disable more...

web_filter_vbs_log - Enable/disable logging VBS scripts. type: str choices: enable, disable more...

web_ftgd_err_log - Enable/disable logging rating errors. type: str choices: enable, disable more...

web_ftgd_quota_usage - Enable/disable logging daily quota usage. type: str choices: enable, disable more...

web_invalid_domain_log - Enable/disable logging invalid domain names. type: str choices: enable, disable more...

web_url_log - Enable/disable logging URL filtering. type: str choices: enable, disable more...

wisp - Enable/disable web proxy WISP. type: str choices: enable, disable more...

wisp_algorithm - WISP server selection algorithm. type: str choices: primary-secondary, round-robin, auto-learning more...

wisp_servers - WISP servers. type: list more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

wisp_servers yes yes yes yes yes yes yes yes yes yes yes

name - Server name. Source web-proxy.wisp.name. type: str required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

name yes yes yes yes yes yes yes yes yes yes yes

youtube_channel_filter - YouTube channel filter. type: list more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0

youtube_channel_filter yes yes yes yes yes yes yes yes yes yes no

channel_id - YouTube channel ID to be filtered. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4

channel_id yes yes yes yes yes yes yes yes yes yes
comment - Comment. type: str more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4

comment yes yes yes yes yes yes yes yes yes yes
id - ID. type: int required: True more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4

id yes yes yes yes yes yes yes yes yes yes

youtube_channel_status - YouTube channel filter status. type: str choices: disable, blacklist, whitelist more...

Notes ¶

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples ¶

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure Web filter profiles.
    fortios_webfilter_profile:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      webfilter_profile:
        antiphish:
            authentication: "domain-controller"
            check_basic_auth: "enable"
            check_uri: "enable"
            check_username_only: "enable"
            custom_patterns:
             -
                category: "username"
                pattern: "<your_own_value>"
                type: "regex"
            default_action: "exempt"
            domain_controller: "<your_own_value> (source credential-store.domain-controller.server-name)"
            inspection_entries:
             -
                action: "exempt"
                fortiguard_category: "<your_own_value>"
                name: "default_name_17"
            ldap: "<your_own_value> (source user.ldap.name)"
            max_body_len: "19"
            status: "enable"
        comment: "Optional comments."
        extended_log: "enable"
        feature_set: "flow"
        file_filter:
            entries:
             -
                action: "log"
                comment: "Comment."
                direction: "incoming"
                file_type:
                 -
                    name: "default_name_30 (source antivirus.filetype.name)"
                filter: "<your_own_value>"
                password_protected: "yes"
                protocol: "http"
            log: "enable"
            scan_archive_contents: "enable"
            status: "enable"
        ftgd_wf:
            exempt_quota: "<your_own_value>"
            filters:
             -
                action: "block"
                auth_usr_grp:
                 -
                    name: "default_name_42 (source user.group.name)"
                category: "43"
                id:  "44"
                log: "enable"
                override_replacemsg: "<your_own_value>"
                warn_duration: "<your_own_value>"
                warning_duration_type: "session"
                warning_prompt: "per-domain"
            max_quota_timeout: "50"
            options: "error-allow"
            ovrd: "<your_own_value>"
            quota:
             -
                category: "<your_own_value>"
                duration: "<your_own_value>"
                id:  "56"
                override_replacemsg: "<your_own_value>"
                type: "time"
                unit: "B"
                value: "60"
            rate_crl_urls: "disable"
            rate_css_urls: "disable"
            rate_image_urls: "disable"
            rate_javascript_urls: "disable"
        https_replacemsg: "enable"
        inspection_mode: "proxy"
        log_all_url: "enable"
        name: "default_name_68"
        options: "activexfilter"
        override:
            ovrd_cookie: "allow"
            ovrd_dur: "<your_own_value>"
            ovrd_dur_mode: "constant"
            ovrd_scope: "user"
            ovrd_user_group:
             -
                name: "default_name_76 (source user.group.name)"
            profile:
             -
                name: "default_name_78 (source webfilter.profile.name)"
            profile_attribute: "User-Name"
            profile_type: "list"
        ovrd_perm: "bannedword-override"
        post_action: "normal"
        replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
        url_extraction:
            redirect_header: "<your_own_value>"
            redirect_no_content: "enable"
            redirect_url: "<your_own_value>"
            server_fqdn: "<your_own_value>"
            status: "enable"
        web:
            allowlist: "exempt-av"
            blacklist: "enable"
            blocklist: "enable"
            bword_table: "94 (source webfilter.content.id)"
            bword_threshold: "95"
            content_header_list: "96 (source webfilter.content-header.id)"
            keyword_match:
             -
                pattern: "<your_own_value>"
            log_search: "enable"
            safe_search: "url"
            urlfilter_table: "101 (source webfilter.urlfilter.id)"
            whitelist: "exempt-av"
            youtube_restrict: "none"
        web_antiphishing_log: "enable"
        web_content_log: "enable"
        web_extended_all_action_log: "enable"
        web_filter_activex_log: "enable"
        web_filter_applet_log: "enable"
        web_filter_command_block_log: "enable"
        web_filter_cookie_log: "enable"
        web_filter_cookie_removal_log: "enable"
        web_filter_js_log: "enable"
        web_filter_jscript_log: "enable"
        web_filter_referer_log: "enable"
        web_filter_unknown_log: "enable"
        web_filter_vbs_log: "enable"
        web_ftgd_err_log: "enable"
        web_ftgd_quota_usage: "enable"
        web_invalid_domain_log: "enable"
        web_url_log: "enable"
        wisp: "enable"
        wisp_algorithm: "primary-secondary"
        wisp_servers:
         -
            name: "default_name_124 (source web-proxy.wisp.name)"
        youtube_channel_filter:
         -
            channel_id: "<your_own_value>"
            comment: "Comment."
            id:  "128"
        youtube_channel_status: "disable"

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.