:source: fortios_firewall_consolidated_policy.py :orphan: .. fortios_firewall_consolidated_policy: fortios_firewall_consolidated_policy -- Configure consolidated IPv4/IPv6 policies in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 2.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall_consolidated feature and policy category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 Requirements ------------ The below requirements are needed on the host that executes this module. - ansible>=2.16 Tips ---- Using member operation to add an element to an existing object. FortiOS Version Compatibility ----------------------------- Supported Version Ranges: v6.2.0 -> v6.2.7 Parameters ---------- .. raw:: html Notes ----- .. note:: - We highly recommend using your own value as the policyid instead of 0, while '0' is a special placeholder that allows the backend to assign the latest available number for the object, it does have limitations. Please find more details in Q&A. - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks - The module supports check_mode. Examples -------- .. code-block:: yaml+jinja - name: Configure consolidated IPv4/IPv6 policies. fortinet.fortios.fortios_firewall_consolidated_policy: vdom: "{{ vdom }}" state: "present" access_token: "" firewall_consolidated_policy: action: "accept" application_list: " (source application.list.name)" auto_asic_offload: "enable" av_profile: " (source antivirus.profile.name)" captive_portal_exempt: "enable" cifs_profile: " (source cifs.profile.name)" comments: "" diffserv_forward: "enable" diffserv_reverse: "enable" diffservcode_forward: "" diffservcode_rev: "" dlp_sensor: " (source dlp.sensor.name)" dnsfilter_profile: " (source dnsfilter.profile.name)" dstaddr_negate: "enable" dstaddr4: - name: "default_name_18 (source firewall.address.name firewall.addrgrp.name firewall.vip.name firewall.vipgrp.name system.external-resource .name)" dstaddr6: - name: "default_name_20 (source firewall.address6.name firewall.addrgrp6.name firewall.vip6.name firewall.vipgrp6.name system .external-resource.name)" dstintf: - name: "default_name_22 (source system.interface.name system.zone.name)" emailfilter_profile: " (source emailfilter.profile.name)" fixedport: "enable" fsso_groups: - name: "default_name_26 (source user.adgrp.name)" global_label: "" groups: - name: "default_name_29 (source user.group.name)" http_policy_redirect: "enable" icap_profile: " (source icap.profile.name)" inbound: "enable" inspection_mode: "proxy" internet_service: "enable" internet_service_custom: - name: "default_name_36 (source firewall.internet-service-custom.name)" internet_service_custom_group: - name: "default_name_38 (source firewall.internet-service-custom-group.name)" internet_service_group: - name: "default_name_40 (source firewall.internet-service-group.name)" internet_service_id: - id: "42 (source firewall.internet-service.id)" internet_service_negate: "enable" internet_service_src: "enable" internet_service_src_custom: - name: "default_name_46 (source firewall.internet-service-custom.name)" internet_service_src_custom_group: - name: "default_name_48 (source firewall.internet-service-custom-group.name)" internet_service_src_group: - name: "default_name_50 (source firewall.internet-service-group.name)" internet_service_src_id: - id: "52 (source firewall.internet-service.id)" internet_service_src_negate: "enable" ippool: "enable" ips_sensor: " (source ips.sensor.name)" logtraffic: "all" logtraffic_start: "enable" mms_profile: " (source firewall.mms-profile.name)" name: "default_name_59" nat: "enable" outbound: "enable" per_ip_shaper: " (source firewall.shaper.per-ip-shaper.name)" policyid: "" poolname4: - name: "default_name_65 (source firewall.ippool.name)" poolname6: - name: "default_name_67 (source firewall.ippool6.name)" profile_group: " (source firewall.profile-group.name)" profile_protocol_options: " (source firewall.profile-protocol-options.name)" profile_type: "single" schedule: " (source firewall.schedule.onetime.name firewall.schedule.recurring.name firewall.schedule.group.name)" service: - name: "default_name_73 (source firewall.service.custom.name firewall.service.group.name)" service_negate: "enable" session_ttl: "1382400" srcaddr_negate: "enable" srcaddr4: - name: "default_name_78 (source firewall.address.name firewall.addrgrp.name system.external-resource.name)" srcaddr6: - name: "default_name_80 (source firewall.address6.name firewall.addrgrp6.name system.external-resource.name)" srcintf: - name: "default_name_82 (source system.interface.name system.zone.name)" ssh_filter_profile: " (source ssh-filter.profile.name)" ssh_policy_redirect: "enable" ssl_ssh_profile: " (source firewall.ssl-ssh-profile.name)" status: "enable" tcp_mss_receiver: "32767" tcp_mss_sender: "32767" traffic_shaper: " (source firewall.shaper.traffic-shaper.name)" traffic_shaper_reverse: " (source firewall.shaper.traffic-shaper.name)" users: - name: "default_name_92 (source user.local.name)" utm_status: "enable" uuid: "" voip_profile: " (source voip.profile.name)" vpntunnel: " (source vpn.ipsec.phase1.name vpn.ipsec.manualkey.name)" waf_profile: " (source waf.profile.name)" wanopt: "enable" wanopt_detection: "active" wanopt_passive_opt: "default" wanopt_peer: " (source wanopt.peer.peer-host-id)" wanopt_profile: " (source wanopt.profile.name)" webcache: "enable" webcache_https: "disable" webfilter_profile: " (source webfilter.profile.name)" webproxy_forward_server: " (source web-proxy.forward-server.name web-proxy.forward-server-group.name)" webproxy_profile: " (source web-proxy.profile.name)" Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html
  • build - Build number of the fortigate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Link Zheng (@chillancezen) - Jie Xue (@JieX19) - Hongbin Lu (@fgtdev-hblu) - Frank Shen (@frankshen01) - Miguel Angel Munoz (@mamunozgonzalez) - Nicolas Thomas (@thomnico) .. hint:: If you notice any issues in this documentation, you can create a pull request to improve it.