fortios_ssh_filter_profile – Configure SSH filter profile in Fortinet’s FortiOS and FortiGate.¶
New in version 2.0.0.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ssh_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
FortiOS Version Compatibility¶
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
|
fortios_ssh_filter_profile | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
Parameters¶
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- ssh_filter_profile - Configure SSH filter profile. type: dict more...
- block - SSH blocking options. type: list choices: x11, shell, exec, port-forward, tun-forward, sftp, scp, unknown more...
- default_command_log - Enable/disable logging unmatched shell commands. type: str choices: enable, disable more...
- file_filter - File filter. type: dict more...
- entries - File filter entries. type: list more...
- action - Action taken for matched file. type: str choices: log, block more...
- comment - Comment. type: str more...
- direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any more...
- file_type - Select file type. type: list more...
- name - File type name. Source antivirus.filetype.name. type: str more...
- filter - Add a file filter. type: str more...
- password_protected - Match password-protected files. type: str choices: yes, any more...
- protocol - Protocols to apply with. type: list choices: ssh more...
- log - Enable/disable file filter logging. type: str choices: enable, disable more...
- scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable more...
- status - Enable/disable file filter. type: str choices: enable, disable more...
- log - SSH logging options. type: list choices: x11, shell, exec, port-forward, tun-forward, sftp, scp, unknown more...
- name - SSH filter profile name. type: str required: true more...
- shell_commands - SSH command filter. type: list more...
- action - Action to take for SSH shell command matches. type: str choices: block, allow more...
- alert - Enable/disable alert. type: str choices: enable, disable more...
- id - Id. type: int more...
- log - Enable/disable logging. type: str choices: enable, disable more...
- pattern - SSH shell command pattern. type: str more...
- severity - Log severity. type: str choices: low, medium, high, critical more...
- type - Matching type. type: str choices: simple, regex more...
Examples¶
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure SSH filter profile.
fortios_ssh_filter_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
ssh_filter_profile:
block: "x11"
default_command_log: "enable"
file_filter:
entries:
-
action: "log"
comment: "Comment."
direction: "incoming"
file_type:
-
name: "default_name_11 (source antivirus.filetype.name)"
filter: "<your_own_value>"
password_protected: "yes"
protocol: "ssh"
log: "enable"
scan_archive_contents: "enable"
status: "enable"
log: "x11"
name: "default_name_19"
shell_commands:
-
action: "block"
alert: "enable"
id: "23"
log: "enable"
pattern: "<your_own_value>"
severity: "low"
type: "simple"
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3