fortios_endpoint_control_profile – Configure FortiClient endpoint control profiles in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the profile object of the endpoint_control feature. The example below includes every parameter; its placeholder values must be adjusted to your own datasources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15

Tips

Use the member operation (member_path together with member_state) to add or remove a single element of an existing object, such as one entry of a list attribute, without resending the whole profile.
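The playbook below is an added example, not taken from the collection's own documentation, of the member operation on this module. It appends one device group to a profile that already exists, using the member_path value listed for device_groups in the parameter table. The host group fortigates, the profile name laptops-posture and the device group corp-windows-laptops are assumed placeholders; the profile and the user.device-group object must already exist on the unit.

```yaml
- hosts: fortigates            # assumed inventory group of FortiGate units
  connection: httpapi          # httpapi is the preferred transport (see Notes)
  gather_facts: false
  vars:
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep certificate validation on outside a lab
    ansible_httpapi_port: 443
  tasks:
    - name: Add one device group to an existing endpoint control profile
      fortinet.fortios.fortios_endpoint_control_profile:
        vdom: "{{ vdom }}"
        state: "present"
        member_path: "device_groups:name"   # attribute path from the parameter table
        member_state: "present"             # "absent" removes the same member instead
        endpoint_control_profile:
          profile_name: "laptops-posture"   # assumed: the existing profile to modify
          device_groups:
            - name: "corp-windows-laptops"  # assumed: existing user.device-group object
```

Only the member named in the task is added; the other device_groups entries and the rest of the profile stay as they were on the device.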

FortiOS Version Compatibility

Supported Version Ranges: v6.0.0 -> v6.0.11

Parameters

  • access_token - Token-based authentication. Generated from the FortiGate GUI. Treat the token as a secret: keep it out of plain-text playbooks (for example by storing it in Ansible Vault). type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
  • endpoint_control_profile - Configure FortiClient endpoint control profiles. type: dict more...
    • description - Description. type: str more...
    • device_groups - Device groups. type: list member_path: device_groups:name more...
      • name - Device group object from available options. Source user.device-group.name user.device-category.name. type: str required: true more...
    • forticlient_android_settings - FortiClient settings for Android platform. type: dict more...
      • disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable more...
      • forticlient_advanced_vpn - Enable/disable advanced FortiClient VPN configuration. type: str choices: enable, disable more...
      • forticlient_advanced_vpn_buffer - Advanced FortiClient VPN configuration. type: str more...
      • forticlient_vpn_provisioning - Enable/disable FortiClient VPN provisioning. type: str choices: enable, disable more...
      • forticlient_vpn_settings - FortiClient VPN settings. type: list member_path: forticlient_android_settings/forticlient_vpn_settings:name more...
        • auth_method - Authentication method. type: str choices: psk, certificate more...
        • name - VPN name. type: str required: true more...
        • preshared_key - Pre-shared secret for PSK authentication. type: str more...
        • remote_gw - IP address or FQDN of the remote VPN gateway. type: str more...
        • sslvpn_access_port - SSL VPN access port (1 - 65535). type: int more...
        • sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable more...
        • type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl more...
      • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable more...
      • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str more...
    • forticlient_ios_settings - FortiClient settings for iOS platform. type: dict more...
      • client_vpn_provisioning - FortiClient VPN provisioning. type: str choices: enable, disable more...
      • client_vpn_settings - FortiClient VPN settings. type: list member_path: forticlient_ios_settings/client_vpn_settings:name more...
        • auth_method - Authentication method. type: str choices: psk, certificate more...
        • name - VPN name. type: str required: true more...
        • preshared_key - Pre-shared secret for PSK authentication. type: str more...
        • remote_gw - IP address or FQDN of the remote VPN gateway. type: str more...
        • sslvpn_access_port - SSL VPN access port (1 - 65535). type: int more...
        • sslvpn_require_certificate - Enable/disable requiring SSL VPN client certificate. type: str choices: enable, disable more...
        • type - VPN type (IPsec or SSL VPN). type: str choices: ipsec, ssl more...
        • vpn_configuration_content - Content of VPN configuration. type: str more...
        • vpn_configuration_name - Name of VPN configuration. type: str more...
      • configuration_content - Content of configuration profile. type: str more...
      • configuration_name - Name of configuration profile. type: str more...
      • disable_wf_when_protected - Enable/disable FortiClient web category filtering when protected by FortiGate. type: str choices: enable, disable more...
      • distribute_configuration_profile - Enable/disable configuration profile (.mobileconfig file) distribution. type: str choices: enable, disable more...
      • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable more...
      • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str more...
    • forticlient_winmac_settings - FortiClient settings for Windows/Mac platform. type: dict more...
      • av_realtime_protection - Enable/disable FortiClient AntiVirus real-time protection. type: str choices: enable, disable more...
      • av_signature_up_to_date - Enable/disable FortiClient AV signature updates. type: str choices: enable, disable more...
      • forticlient_application_firewall - Enable/disable the FortiClient application firewall. type: str choices: enable, disable more...
      • forticlient_application_firewall_list - FortiClient application firewall rule list. Source application.list.name. type: str more...
      • forticlient_av - Enable/disable FortiClient AntiVirus scanning. type: str choices: enable, disable more...
      • forticlient_ems_compliance - Enable/disable FortiClient Enterprise Management Server (EMS) compliance. type: str choices: enable, disable more...
      • forticlient_ems_compliance_action - FortiClient EMS compliance action. type: str choices: block, warning more...
      • forticlient_ems_entries - FortiClient EMS entries. type: list member_path: forticlient_winmac_settings/forticlient_ems_entries:name more...
        • name - FortiClient EMS name. Source endpoint-control.forticlient-ems.name. type: str required: true more...
      • forticlient_linux_ver - Minimum FortiClient Linux version. type: str more...
      • forticlient_log_upload - Enable/disable uploading FortiClient logs. type: str choices: enable, disable more...
      • forticlient_log_upload_level - Select the FortiClient logs to upload. type: str choices: traffic, vulnerability, event more...
      • forticlient_log_upload_server - IP address or FQDN of the server to which to upload FortiClient logs. type: str more...
      • forticlient_mac_ver - Minimum FortiClient Mac OS version. type: str more...
      • forticlient_minimum_software_version - Enable/disable requiring clients to run FortiClient with a minimum software version number. type: str choices: enable, disable more...
      • forticlient_operating_system - FortiClient operating system. type: list member_path: forticlient_winmac_settings/forticlient_operating_system:id more...
        • id - Operating system entry ID. see Notes. type: int required: true more...
        • os_name - Custom operating system name, or a Mac OS version in the format x.x.x. type: str more...
        • os_type - Operating system type. type: str choices: custom, mac-os, win-7, win-80, win-81, win-10, win-2000, win-home-svr, win-svr-10, win-svr-2003, win-svr-2003-r2, win-svr-2008, win-svr-2008-r2, win-svr-2012, win-svr-2012-r2, win-sto-svr-2003, win-vista, win-xp, ubuntu-linux, centos-linux, redhat-linux, fedora-linux more...
      • forticlient_own_file - Checking the path and filename of the FortiClient application. type: list member_path: forticlient_winmac_settings/forticlient_own_file:id more...
        • file - File path and name. type: str more...
        • id - File ID. see Notes. type: int required: true more...
      • forticlient_registration_compliance_action - FortiClient registration compliance action. type: str choices: block, warning more...
      • forticlient_registry_entry - FortiClient registry entry. type: list member_path: forticlient_winmac_settings/forticlient_registry_entry:id more...
        • id - Registry entry ID. see Notes. type: int required: true more...
        • registry_entry - Registry entry. type: str more...
      • forticlient_running_app - Use FortiClient to verify if the listed applications are running on the client. type: list member_path: forticlient_winmac_settings/forticlient_running_app:id more...
        • app_name - Application name. type: str more...
        • app_sha256_signature - App's SHA256 signature. type: str more...
        • app_sha256_signature2 - App's SHA256 signature. type: str more...
        • app_sha256_signature3 - App's SHA256 signature. type: str more...
        • app_sha256_signature4 - App's SHA256 signature. type: str more...
        • application_check_rule - Application check rule. type: str choices: present, absent more...
        • id - Application ID. see Notes. type: int required: true more...
        • process_name - Process name. type: str more...
        • process_name2 - Process name. type: str more...
        • process_name3 - Process name. type: str more...
        • process_name4 - Process name. type: str more...
      • forticlient_security_posture - Enable/disable FortiClient security posture check options. type: str choices: enable, disable more...
      • forticlient_security_posture_compliance_action - FortiClient security posture compliance action. type: str choices: block, warning more...
      • forticlient_system_compliance - Enable/disable enforcement of FortiClient system compliance. type: str choices: enable, disable more...
      • forticlient_system_compliance_action - Block or warn clients not compliant with FortiClient requirements. type: str choices: block, warning more...
      • forticlient_vuln_scan - Enable/disable FortiClient vulnerability scanning. type: str choices: enable, disable more...
      • forticlient_vuln_scan_compliance_action - FortiClient vulnerability compliance action. type: str choices: block, warning more...
      • forticlient_vuln_scan_enforce - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action. type: str choices: critical, high, medium, low, info more...
      • forticlient_vuln_scan_enforce_grace - FortiClient vulnerability scan enforcement grace period (0 - 30 days). type: int more...
      • forticlient_vuln_scan_exempt - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically. type: str choices: enable, disable more...
      • forticlient_wf - Enable/disable FortiClient web filtering. type: str choices: enable, disable more...
      • forticlient_wf_profile - The FortiClient web filter profile to apply. Source webfilter.profile.name. type: str more...
      • forticlient_win_ver - Minimum FortiClient Windows version. type: str more...
      • os_av_software_installed - Enable/disable checking for OS recognized AntiVirus software. type: str choices: enable, disable more...
      • sandbox_address - FortiSandbox address. type: str more...
      • sandbox_analysis - Enable/disable sending files to FortiSandbox for analysis. type: str choices: enable, disable more...
    • on_net_addr - Addresses for on-net detection. type: list member_path: on_net_addr:name more...
      • name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...
    • profile_name - Profile name. type: str required: true more...
    • replacemsg_override_group - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name. type: str more...
    • src_addr - Source addresses. type: list member_path: src_addr:name more...
      • name - Address object from available options. Source firewall.address.name firewall.addrgrp.name. type: str required: true more...
    • user_groups - User groups. type: list member_path: user_groups:name more...
      • name - User group name. Source user.group.name. type: str required: true more...
    • users - Users. type: list member_path: users:name more...
      • name - User name. Source user.local.name. type: str required: true more...
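The helper below is an added example, written for this page and not code from the collection or from Fortinet, showing one way to populate a forticlient_running_app entry from the parameter table above. It assumes that app_sha256_signature holds the hex SHA-256 digest of the application's executable file; it fills the four process_name / app_sha256_signature slots the table lists and refuses a fifth process, since the module has no slot for it. The "executables" are constructed stand-in byte strings, not real binaries.

```python
import hashlib
from typing import Dict, Iterable, List

# The parameter table lists exactly four process_name / app_sha256_signature
# slots per forticlient_running_app entry (process_name, process_name2, ...).
MAX_SLOTS = 4


def sha256_hex(image: bytes) -> str:
    """Hex SHA-256 of an executable image (assumption: this is what the
    app_sha256_signature fields expect)."""
    return hashlib.sha256(image).hexdigest()


def running_app_entry(entry_id: int, app_name: str, binaries: Dict[str, bytes],
                      rule: str = "present") -> dict:
    """Build one forticlient_running_app list item for the module.

    binaries maps a process name (e.g. "edr-agent.exe") to the bytes of its
    executable. rule is the application_check_rule: "present" requires the
    application to be running on the endpoint, "absent" forbids it.
    """
    if rule not in ("present", "absent"):
        raise ValueError(f"application_check_rule must be present/absent, got {rule!r}")
    if not 1 <= len(binaries) <= MAX_SLOTS:
        raise ValueError(f"between 1 and {MAX_SLOTS} processes per entry, got {len(binaries)}")

    entry = {"id": entry_id, "app_name": app_name, "application_check_rule": rule}
    for n, (process, image) in enumerate(binaries.items(), start=1):
        suffix = "" if n == 1 else str(n)          # process_name, process_name2, ...
        entry[f"process_name{suffix}"] = process
        entry[f"app_sha256_signature{suffix}"] = sha256_hex(image)
    return entry


def running_app_list(entries: Iterable[dict]) -> List[dict]:
    """Assemble the forticlient_running_app list, rejecting duplicate ids
    (each entry's id is the member key the module uses)."""
    result, seen = [], set()
    for entry in entries:
        if entry["id"] in seen:
            raise ValueError(f"duplicate forticlient_running_app id {entry['id']}")
        seen.add(entry["id"])
        result.append(entry)
    return result


# Constructed stand-in "executables"; in real use read the files from a trusted build.
SAMPLE_BINARIES = {
    "edr-agent.exe": b"abc",
    "edr-agent-svc.exe": b"hello world",
}

if __name__ == "__main__":
    import json
    apps = running_app_list([
        running_app_entry(1, "EDR agent", SAMPLE_BINARIES, "present"),
        running_app_entry(2, "Unapproved remote tool", {"remote-tool.exe": b""}, "absent"),
    ])
    # This dict is what you would place under forticlient_winmac_settings in the task.
    print(json.dumps({"forticlient_running_app": apps}, indent=2))
```

Hash the binaries from the same release you deploy, since any update to the agent changes its digest and the posture check will start failing until the profile is refreshed.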

Notes

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.
  • access_token and the preshared_key values inside the VPN settings are secrets. Keep them out of plain-text playbooks (for example with Ansible Vault) and out of task logs.

Examples

- name: Configure FortiClient endpoint control profiles.
  fortinet.fortios.fortios_endpoint_control_profile:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      endpoint_control_profile:
          description: "<your_own_value>"
          device_groups:
              -
                  name: "default_name_5 (source user.device-group.name user.device-category.name)"
          forticlient_android_settings:
              disable_wf_when_protected: "enable"
              forticlient_advanced_vpn: "enable"
              forticlient_advanced_vpn_buffer: "<your_own_value>"
              forticlient_vpn_provisioning: "enable"
              forticlient_vpn_settings:
                  -
                      auth_method: "psk"
                      name: "default_name_13"
                      preshared_key: "<your_own_value>"
                      remote_gw: "<your_own_value>"
                      sslvpn_access_port: "32767"
                      sslvpn_require_certificate: "enable"
                      type: "ipsec"
              forticlient_wf: "enable"
              forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_ios_settings:
              client_vpn_provisioning: "enable"
              client_vpn_settings:
                  -
                      auth_method: "psk"
                      name: "default_name_25"
                      preshared_key: "<your_own_value>"
                      remote_gw: "<your_own_value>"
                      sslvpn_access_port: "32767"
                      sslvpn_require_certificate: "enable"
                      type: "ipsec"
                      vpn_configuration_content: "<your_own_value>"
                      vpn_configuration_name: "<your_own_value>"
              configuration_content: "<your_own_value>"
              configuration_name: "<your_own_value>"
              disable_wf_when_protected: "enable"
              distribute_configuration_profile: "enable"
              forticlient_wf: "enable"
              forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_winmac_settings:
              av_realtime_protection: "enable"
              av_signature_up_to_date: "enable"
              forticlient_application_firewall: "enable"
              forticlient_application_firewall_list: "<your_own_value> (source application.list.name)"
              forticlient_av: "enable"
              forticlient_ems_compliance: "enable"
              forticlient_ems_compliance_action: "block"
              forticlient_ems_entries:
                  -
                      name: "default_name_48 (source endpoint-control.forticlient-ems.name)"
              forticlient_linux_ver: "<your_own_value>"
              forticlient_log_upload: "enable"
              forticlient_log_upload_level: "traffic"
              forticlient_log_upload_server: "<your_own_value>"
              forticlient_mac_ver: "<your_own_value>"
              forticlient_minimum_software_version: "enable"
              forticlient_operating_system:
                  -
                      id: "56"
                      os_name: "<your_own_value>"
                      os_type: "custom"
              forticlient_own_file:
                  -
                      file: "<your_own_value>"
                      id: "61"
              forticlient_registration_compliance_action: "block"
              forticlient_registry_entry:
                  -
                      id: "64"
                      registry_entry: "<your_own_value>"
              forticlient_running_app:
                  -
                      app_name: "<your_own_value>"
                      app_sha256_signature: "<your_own_value>"
                      app_sha256_signature2: "<your_own_value>"
                      app_sha256_signature3: "<your_own_value>"
                      app_sha256_signature4: "<your_own_value>"
                      application_check_rule: "present"
                      id: "73"
                      process_name: "<your_own_value>"
                      process_name2: "<your_own_value>"
                      process_name3: "<your_own_value>"
                      process_name4: "<your_own_value>"
              forticlient_security_posture: "enable"
              forticlient_security_posture_compliance_action: "block"
              forticlient_system_compliance: "enable"
              forticlient_system_compliance_action: "block"
              forticlient_vuln_scan: "enable"
              forticlient_vuln_scan_compliance_action: "block"
              forticlient_vuln_scan_enforce: "critical"
              forticlient_vuln_scan_enforce_grace: "15"
              forticlient_vuln_scan_exempt: "enable"
              forticlient_wf: "enable"
              forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
              forticlient_win_ver: "<your_own_value>"
              os_av_software_installed: "enable"
              sandbox_address: "<your_own_value>"
              sandbox_analysis: "enable"
          on_net_addr:
              -
                  name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)"
          profile_name: "<your_own_value>"
          replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
          src_addr:
              -
                  name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)"
          user_groups:
              -
                  name: "default_name_100 (source user.group.name)"
          users:
              -
                  name: "default_name_102 (source user.local.name)"

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following fields are unique to this module:

  • build - Build number of the FortiGate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.