:source: fortios_endpoint_control_profile.py :orphan: .. fortios_endpoint_control_profile: fortios_endpoint_control_profile -- Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 2.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 Requirements ------------ The below requirements are needed on the host that executes this module. - ansible>=2.16 Tips ---- Using member operation to add an element to an existing object. FortiOS Version Compatibility ----------------------------- Supported Version Ranges: v6.0.0 -> v6.0.11 Parameters ---------- .. raw:: html Notes ----- .. note:: - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks - The module supports check_mode. Examples -------- .. code-block:: yaml+jinja - name: Configure FortiClient endpoint control profiles. fortinet.fortios.fortios_endpoint_control_profile: vdom: "{{ vdom }}" state: "present" access_token: "" endpoint_control_profile: description: "" device_groups: - name: "default_name_5 (source user.device-group.name user.device-category.name)" forticlient_android_settings: disable_wf_when_protected: "enable" forticlient_advanced_vpn: "enable" forticlient_advanced_vpn_buffer: "" forticlient_vpn_provisioning: "enable" forticlient_vpn_settings: - auth_method: "psk" name: "default_name_13" preshared_key: "" remote_gw: "" sslvpn_access_port: "32767" sslvpn_require_certificate: "enable" type: "ipsec" forticlient_wf: "enable" forticlient_wf_profile: " (source webfilter.profile.name)" forticlient_ios_settings: client_vpn_provisioning: "enable" client_vpn_settings: - auth_method: "psk" name: "default_name_25" preshared_key: "" remote_gw: "" sslvpn_access_port: "32767" sslvpn_require_certificate: "enable" type: "ipsec" vpn_configuration_content: "" vpn_configuration_name: "" configuration_content: "" configuration_name: "" disable_wf_when_protected: "enable" distribute_configuration_profile: "enable" forticlient_wf: "enable" forticlient_wf_profile: " (source webfilter.profile.name)" forticlient_winmac_settings: av_realtime_protection: "enable" av_signature_up_to_date: "enable" forticlient_application_firewall: "enable" forticlient_application_firewall_list: " (source application.list.name)" forticlient_av: "enable" forticlient_ems_compliance: "enable" forticlient_ems_compliance_action: "block" forticlient_ems_entries: - name: "default_name_48 (source endpoint-control.forticlient-ems.name)" forticlient_linux_ver: "" forticlient_log_upload: "enable" forticlient_log_upload_level: "traffic" forticlient_log_upload_server: "" forticlient_mac_ver: "" forticlient_minimum_software_version: "enable" forticlient_operating_system: - id: "56" os_name: "" os_type: "custom" forticlient_own_file: - file: "" id: "61" forticlient_registration_compliance_action: "block" forticlient_registry_entry: - id: "64" registry_entry: "" forticlient_running_app: - app_name: "" app_sha256_signature: "" app_sha256_signature2: "" app_sha256_signature3: "" app_sha256_signature4: "" application_check_rule: "present" id: "73" process_name: "" process_name2: "" process_name3: "" process_name4: "" forticlient_security_posture: "enable" forticlient_security_posture_compliance_action: "block" forticlient_system_compliance: "enable" forticlient_system_compliance_action: "block" forticlient_vuln_scan: "enable" forticlient_vuln_scan_compliance_action: "block" forticlient_vuln_scan_enforce: "critical" forticlient_vuln_scan_enforce_grace: "15" forticlient_vuln_scan_exempt: "enable" forticlient_wf: "enable" forticlient_wf_profile: " (source webfilter.profile.name)" forticlient_win_ver: "" os_av_software_installed: "enable" sandbox_address: "" sandbox_analysis: "enable" on_net_addr: - name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)" profile_name: "" replacemsg_override_group: " (source system.replacemsg-group.name)" src_addr: - name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)" user_groups: - name: "default_name_100 (source user.group.name)" users: - name: "default_name_102 (source user.local.name)" Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html
  • build - Build number of the fortigate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Link Zheng (@chillancezen) - Jie Xue (@JieX19) - Hongbin Lu (@fgtdev-hblu) - Frank Shen (@frankshen01) - Miguel Angel Munoz (@mamunozgonzalez) - Nicolas Thomas (@thomnico) .. hint:: If you notice any issues in this documentation, you can create a pull request to improve it.