fortios_firewall_shaping_policy – Configure shaping policies in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and shaping_policy category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
FortiOS Version Compatibility

| | v6.0.0 | v6.0.5 | v6.0.11 | v6.2.0 | v6.2.3 | v6.2.5 | v6.2.7 | v6.4.0 | v6.4.1 | v6.4.4 | v7.0.0 | v7.0.1 | v7.0.2 | v7.0.3 | v7.0.4 | v7.0.5 | v7.0.6 | v7.0.7 | v7.0.8 | v7.2.0 | v7.2.1 | v7.2.2 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fortios_firewall_shaping_policy | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |

Parameters
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- action - The action indicator to move an object in the list. type: str choices: move
- self - mkey of self identifier type: str
- after - mkey of target identifier type: str
- before - mkey of target identifier type: str
- state - Indicates whether to create or remove the object. type: str required: false choices: present, absent
- firewall_shaping_policy - Configure shaping policies. type: dict
    - app_category - IDs of one or more application categories that this shaper applies application control traffic shaping to. type: list
        - id - Category IDs. type: int
    - app_group - One or more application group names. type: list
        - name - Application group name. Source application.group.name. type: str
    - application - IDs of one or more applications that this shaper applies application control traffic shaping to. type: list
        - id - Application IDs. type: int
    - class_id - Traffic class ID. Source firewall.traffic-class.class-id. type: int
    - comment - Comments. type: str
    - diffserv_forward - Enable to change packet's DiffServ values to the specified diffservcode-forward value. type: str choices: enable, disable
    - diffserv_reverse - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. type: str choices: enable, disable
    - diffservcode_forward - Change packet's DiffServ to this value. type: str
    - diffservcode_rev - Change packet's reverse (reply) DiffServ to this value. type: str
    - dstaddr - IPv4 destination address and address group names. type: list
        - name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str
    - dstaddr6 - IPv6 destination address and address group names. type: list
        - name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
    - dstintf - One or more outgoing (egress) interfaces. type: list
        - name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str
    - groups - Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. type: list
        - name - Group name. Source user.group.name. type: str
    - id - Shaping policy ID (0 - 4294967295). type: int required: true
    - internet_service - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. type: str choices: enable, disable
    - internet_service_custom - Custom Internet Service name. type: list
        - name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str
    - internet_service_custom_group - Custom Internet Service group name. type: list
        - name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str
    - internet_service_group - Internet Service group name. type: list
        - name - Internet Service group name. Source firewall.internet-service-group.name. type: str
    - internet_service_id - Internet Service ID. type: list
        - id - Internet Service ID. Source firewall.internet-service.id. type: int
    - internet_service_name - Internet Service ID. type: list
        - name - Internet Service name. Source firewall.internet-service-name.name. type: str
    - internet_service_src - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. type: str choices: enable, disable
    - internet_service_src_custom - Custom Internet Service source name. type: list
        - name - Custom Internet Service name. Source firewall.internet-service-custom.name. type: str
    - internet_service_src_custom_group - Custom Internet Service source group name. type: list
        - name - Custom Internet Service group name. Source firewall.internet-service-custom-group.name. type: str
    - internet_service_src_group - Internet Service source group name. type: list
        - name - Internet Service group name. Source firewall.internet-service-group.name. type: str
    - internet_service_src_id - Internet Service source ID. type: list
        - id - Internet Service ID. Source firewall.internet-service.id. type: int
    - internet_service_src_name - Internet Service source name. type: list
        - name - Internet Service name. Source firewall.internet-service-name.name. type: str
    - ip_version - Apply this traffic shaping policy to IPv4 or IPv6 traffic. type: str choices: 4, 6
    - name - Shaping policy name. type: str
    - per_ip_shaper - Per-IP traffic shaper to apply with this policy. Source firewall.shaper.per-ip-shaper.name. type: str
    - schedule - Schedule name. Source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name. type: str
    - service - Service and service group names. type: list
        - name - Service name. Source firewall.service.custom.name firewall.service.group.name. type: str
    - srcaddr - IPv4 source address and address group names. type: list
        - name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str
    - srcaddr6 - IPv6 source address and address group names. type: list
        - name - Address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
    - srcintf - One or more incoming (ingress) interfaces. type: list
        - name - Interface name. Source system.interface.name system.zone.name system.sdwan.zone.name. type: str
    - status - Enable/disable this traffic shaping policy. type: str choices: enable, disable
    - tos - ToS (Type of Service) value used for comparison. type: str
    - tos_mask - Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str
    - tos_negate - Enable negated TOS match. type: str choices: enable, disable
    - traffic_shaper - Traffic shaper to apply to traffic forwarded by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str
    - traffic_shaper_reverse - Traffic shaper to apply to response traffic received by the firewall policy. Source firewall.shaper.traffic-shaper.name. type: str
    - url_category - IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. type: list
        - id - URL category ID. type: int
    - users - Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. type: list
        - name - User name. Source user.local.name. type: str
    - uuid - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). type: str
Notes
- Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.
- Adjust object order by moving self after (or before) another.
- Only one of [after, before] must be specified when action is moving an object.
Examples

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off in this sample; set it to yes once the
    # FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure shaping policies.
      fortios_firewall_shaping_policy:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        firewall_shaping_policy:
          app_category:
            - id: "4"
          app_group:
            - name: "default_name_6 (source application.group.name)"
          application:
            - id: "8"
          class_id: "0"
          comment: "Comments."
          diffserv_forward: "enable"
          diffserv_reverse: "enable"
          diffservcode_forward: "<your_own_value>"
          diffservcode_rev: "<your_own_value>"
          dstaddr:
            - name: "default_name_16 (source firewall.address.name firewall.addrgrp.name)"
          dstaddr6:
            - name: "default_name_18 (source firewall.address6.name firewall.addrgrp6.name)"
          dstintf:
            - name: "default_name_20 (source system.interface.name system.zone.name system.sdwan.zone.name)"
          groups:
            - name: "default_name_22 (source user.group.name)"
          id: "23"
          internet_service: "enable"
          internet_service_custom:
            - name: "default_name_26 (source firewall.internet-service-custom.name)"
          internet_service_custom_group:
            - name: "default_name_28 (source firewall.internet-service-custom-group.name)"
          internet_service_group:
            - name: "default_name_30 (source firewall.internet-service-group.name)"
          internet_service_id:
            - id: "32 (source firewall.internet-service.id)"
          internet_service_name:
            - name: "default_name_34 (source firewall.internet-service-name.name)"
          internet_service_src: "enable"
          internet_service_src_custom:
            - name: "default_name_37 (source firewall.internet-service-custom.name)"
          internet_service_src_custom_group:
            - name: "default_name_39 (source firewall.internet-service-custom-group.name)"
          internet_service_src_group:
            - name: "default_name_41 (source firewall.internet-service-group.name)"
          internet_service_src_id:
            - id: "43 (source firewall.internet-service.id)"
          internet_service_src_name:
            - name: "default_name_45 (source firewall.internet-service-name.name)"
          ip_version: "4"
          name: "default_name_47"
          per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
          schedule: "<your_own_value> (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)"
          service:
            - name: "default_name_51 (source firewall.service.custom.name firewall.service.group.name)"
          srcaddr:
            - name: "default_name_53 (source firewall.address.name firewall.addrgrp.name)"
          srcaddr6:
            - name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)"
          srcintf:
            - name: "default_name_57 (source system.interface.name system.zone.name system.sdwan.zone.name)"
          status: "enable"
          tos: "<your_own_value>"
          tos_mask: "<your_own_value>"
          tos_negate: "enable"
          traffic_shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
          traffic_shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
          url_category:
            - id: "65"
          users:
            - name: "default_name_67 (source user.local.name)"
          uuid: "<your_own_value>"

    - name: move firewall.shaping_policy
      fortios_firewall_shaping_policy:
        vdom: "root"
        action: "move"
        self: "<mkey of self identifier>"
        after: "<mkey of target identifier>"
        # before: "<mkey of target identifier>"
```
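
A hardened variant of the first play, added here for illustration and not part of the module's documentation: it keeps certificate validation on and reads the API token from a vaulted variable instead of the playbook text. The variable `vault_fortigate_access_token`, the policy ID and name, the interface names and the shaper name are assumptions to replace with your own objects.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate certificate so the token is only sent to the real
    # device; the issuing CA must be trusted by the Ansible control node.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Limit guest traffic with a shaping policy
      fortios_firewall_shaping_policy:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumed variable name, defined in an ansible-vault encrypted vars
        # file so the token never appears in the repository.
        access_token: "{{ vault_fortigate_access_token }}"
        firewall_shaping_policy:
          id: 10                          # assumed policy ID
          name: "limit-guest"             # assumed policy name
          status: "enable"
          ip_version: "4"
          srcintf:
            - name: "guest"               # assumed ingress interface
          dstintf:
            - name: "wan1"                # assumed egress interface
          srcaddr:
            - name: "all"
          dstaddr:
            - name: "all"
          service:
            - name: "ALL"
          # Assumed shaper name; it must already exist under
          # firewall.shaper.traffic-shaper on the device.
          traffic_shaper: "guest-limit"
          traffic_shaper_reverse: "guest-limit"
      # Keep the task arguments, including the token, out of console output
      # and callback logs.
      no_log: true
```

Because `no_log` also hides the module's return values, drop it temporarily on a test device when you need to read `http_status` or `status` while debugging.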
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3