:source: fortios_firewall_profile_protocol_options.py :orphan: .. fortios_firewall_profile_protocol_options: fortios_firewall_profile_protocol_options -- Configure protocol options in Fortinet's FortiOS and FortiGate. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 2.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_protocol_options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0 Requirements ------------ The below requirements are needed on the host that executes this module. - ansible>=2.16 Tips ---- Using member operation to add an element to an existing object. FortiOS Version Compatibility ----------------------------- Supported Version Ranges: v6.0.0 -> v7.6.6 Parameters ---------- .. raw:: html

access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
enable_log - Enable/Disable logging for task. type: bool required: false default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
firewall_profile_protocol_options - Configure protocol options. type: dict more...

Supported Version Ranges

firewall_profile_protocol_options v6.0.0 -> 7.6.6

cifs - Configure CIFS protocol options. type: dict more...

Supported Version Ranges

cifs v6.2.0 -> 7.6.6

domain_controller - Domain for which to decrypt CIFS traffic. Source user.domain-controller.name credential-store.domain-controller.server-name. type: str more...

Supported Version Ranges

domain_controller v6.4.0 -> v6.4.0 v6.4.4 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: oversize more...

Supported Version Ranges

options v6.4.0 -> 7.6.6

[oversize] v6.4.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.4.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6

server_credential_type - CIFS server credential type. type: str choices: none, credential-replication, credential-keytab more...

server_keytab - Server keytab. type: list member_path: cifs/server_keytab:principal more...

Supported Version Ranges

server_keytab v6.2.7 -> v6.4.0 v6.4.4 -> 7.6.6

keytab - Base64 encoded keytab file containing credential of the server. type: str more...

Supported Version Ranges

keytab v6.2.7 -> v6.4.0 v6.4.4 -> 7.6.6
principal - Service principal. For example, host/cifsserver.example.com@example.com. type: str required: true more...

Supported Version Ranges

principal v6.2.7 -> v6.4.0 v6.4.4 -> 7.6.6

status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.2.0 -> 7.6.6

[enable] v6.2.0 -> 7.6.6
[disable] v6.2.0 -> 7.6.6
tcp_window_maximum - Maximum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_maximum v6.4.0 -> 7.6.6
tcp_window_minimum - Minimum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_minimum v6.4.0 -> 7.6.6
tcp_window_size - Set TCP static window size. type: int more...

Supported Version Ranges

tcp_window_size v6.4.0 -> 7.6.6
tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic more...

Supported Version Ranges

tcp_window_type v6.4.0 -> 7.6.6

[auto-tuning] v7.0.4 -> 7.6.6

[system] v6.4.0 -> 7.6.6
[static] v6.4.0 -> 7.6.6
[dynamic] v6.4.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.4.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.4.0 -> 7.6.6

comment - Optional comments. type: str more...

Supported Version Ranges

comment v6.0.0 -> 7.6.6
dns - Configure DNS protocol options. type: dict more...

Supported Version Ranges

dns v6.0.0 -> 7.6.6

ports - Ports to scan for content (1 - 65535). type: list
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6

ftp - Configure FTP protocol options. type: dict more...

Supported Version Ranges

ftp v6.0.0 -> 7.6.6

comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int more...

Supported Version Ranges

comfort_amount v6.0.0 -> 7.6.6
comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int more...

Supported Version Ranges

comfort_interval v6.0.0 -> 7.6.6
explicit_ftp_tls - Enable/disable FTP redirection for explicit FTPS. type: str choices: enable, disable more...

Supported Version Ranges

explicit_ftp_tls v7.0.8 -> v7.0.12 v7.2.1 -> 7.6.6

[enable] v7.0.8 -> v7.0.12
[disable] v7.0.8 -> v7.0.12
inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6

options - One or more options that can be applied to the session. type: list choices: clientcomfort, oversize, splice, bypass-rest-command, bypass-mode-command more...

oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v6.2.0 -> 7.6.6

[no] v6.2.0 -> 7.6.6
[yes] v6.2.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int more...

Supported Version Ranges

stream_based_uncompressed_limit v7.0.0 -> 7.6.6
tcp_window_maximum - Maximum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_maximum v7.0.0 -> 7.6.6
tcp_window_minimum - Minimum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_minimum v7.0.0 -> 7.6.6
tcp_window_size - Set TCP static window size. type: int more...

Supported Version Ranges

tcp_window_size v7.0.0 -> 7.6.6
tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic more...

Supported Version Ranges

tcp_window_type v7.0.0 -> 7.6.6

[auto-tuning] v7.0.4 -> 7.6.6

[system] v7.0.0 -> 7.6.6
[static] v7.0.0 -> 7.6.6
[dynamic] v7.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

http - Configure HTTP protocol options. type: dict more...

Supported Version Ranges

http v6.0.0 -> 7.6.6

address_ip_rating - Enable/disable IP based URL rating. type: str choices: enable, disable more...

Supported Version Ranges

address_ip_rating v7.0.6 -> 7.6.6

[enable] v7.0.6 -> 7.6.6
[disable] v7.0.6 -> 7.6.6
block_page_status_code - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). type: int more...

Supported Version Ranges

block_page_status_code v6.0.0 -> 7.6.6
comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int more...

Supported Version Ranges

comfort_amount v6.0.0 -> 7.6.6
comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int more...

Supported Version Ranges

comfort_interval v6.0.0 -> 7.6.6
domain_fronting - Configure HTTP domain fronting . type: str choices: allow, monitor, block, strict more...

Supported Version Ranges

domain_fronting v7.6.0 -> 7.6.6

[allow] v7.6.0 -> 7.6.6
[monitor] v7.6.0 -> 7.6.6
[block] v7.6.0 -> 7.6.6
[strict] v7.6.4 -> 7.6.6
fortinet_bar - Enable/disable Fortinet bar on HTML content. type: str choices: enable, disable more...

Supported Version Ranges

fortinet_bar v6.0.0 -> v6.2.7 v6.4.1 -> v6.4.1

[enable] v6.0.0 -> v6.2.7
[disable] v6.0.0 -> v6.2.7
fortinet_bar_port - Port for use by Fortinet Bar (1 - 65535). type: int more...

Supported Version Ranges

fortinet_bar_port v6.0.0 -> v6.2.7 v6.4.1 -> v6.4.1
h2c - Enable/disable h2c HTTP connection upgrade. type: str choices: enable, disable more...

Supported Version Ranges

h2c v7.2.0 -> 7.6.6

[enable] v7.2.0 -> 7.6.6
[disable] v7.2.0 -> 7.6.6
set_http_0dot9 - Configure action to take upon receipt of HTTP 0.9 request. type: str choices: allow, block more...

Supported Version Ranges

set_http_0dot9 v7.6.1 -> 7.6.6

[allow] v7.6.1 -> 7.6.6
[block] v7.6.1 -> 7.6.6
http_policy - Enable/disable HTTP policy check. type: str choices: disable, enable more...

Supported Version Ranges

http_policy v6.0.0 -> v6.0.11

[disable] v6.0.0 -> v6.0.11
[enable] v6.0.0 -> v6.0.11
inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6

options - One or more options that can be applied to the session. type: list choices: clientcomfort, servercomfort, oversize, chunkedbypass more...

oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list

post_lang - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). type: list choices: jisx0201, jisx0208, jisx0212, gb2312, ksc5601-ex, euc-jp, sjis, iso2022-jp, iso2022-jp-1, iso2022-jp-2, euc-cn, ces-gbk, hz, ces-big5, euc-kr, iso2022-jp-3, iso8859-1, tis620, cp874, cp1252, cp1251 more...

proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable more...

Supported Version Ranges

proxy_after_tcp_handshake v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
range_block - Enable/disable blocking of partial downloads. type: str choices: disable, enable more...

Supported Version Ranges

range_block v6.0.0 -> 7.6.6

[disable] v6.0.0 -> 7.6.6
[enable] v6.0.0 -> 7.6.6
retry_count - Number of attempts to retry HTTP connection (0 - 100). type: int more...

Supported Version Ranges

retry_count v6.0.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v6.2.0 -> 7.6.6

[no] v6.2.0 -> 7.6.6
[yes] v6.2.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int more...

Supported Version Ranges

stream_based_uncompressed_limit v6.2.0 -> 7.6.6
streaming_content_bypass - Enable/disable bypassing of streaming content from buffering. type: str choices: enable, disable more...

Supported Version Ranges

streaming_content_bypass v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
strip_x_forwarded_for - Enable/disable stripping of HTTP X-Forwarded-For header. type: str choices: disable, enable more...

Supported Version Ranges

strip_x_forwarded_for v6.0.0 -> 7.6.6

[disable] v6.0.0 -> 7.6.6
[enable] v6.0.0 -> 7.6.6
switching_protocols - Bypass from scanning, or block a connection that attempts to switch protocol. type: str choices: bypass, block more...

Supported Version Ranges

switching_protocols v6.0.0 -> 7.6.6

[bypass] v6.0.0 -> 7.6.6
[block] v6.0.0 -> 7.6.6
tcp_window_maximum - Maximum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_maximum v6.2.0 -> 7.6.6
tcp_window_minimum - Minimum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_minimum v6.2.0 -> 7.6.6
tcp_window_size - Set TCP static window size. type: int more...

Supported Version Ranges

tcp_window_size v6.2.0 -> 7.6.6
tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic more...

Supported Version Ranges

tcp_window_type v6.2.0 -> 7.6.6

[auto-tuning] v7.0.4 -> 7.6.6

[system] v6.2.0 -> 7.6.6
[static] v6.2.0 -> 7.6.6
[dynamic] v6.2.0 -> 7.6.6
tunnel_non_http - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. type: str choices: enable, disable more...

Supported Version Ranges

tunnel_non_http v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6
unknown_content_encoding - Configure the action the FortiGate unit will take on unknown content-encoding. type: str choices: block, inspect, bypass more...

Supported Version Ranges

unknown_content_encoding v7.2.4 -> 7.6.6

[block] v7.2.4 -> 7.6.6
[inspect] v7.2.4 -> 7.6.6
[bypass] v7.2.4 -> 7.6.6
unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, tunnel, best-effort more...

Supported Version Ranges

unknown_http_version v6.4.0 -> 7.6.6

[reject] v6.4.0 -> 7.6.6
[tunnel] v6.4.0 -> 7.6.6
[best-effort] v6.4.0 -> 7.6.6
verify_dns_for_policy_matching - Enable/disable verification of DNS for policy matching. type: str choices: enable, disable more...

Supported Version Ranges

verify_dns_for_policy_matching v7.2.1 -> 7.6.6

[enable] v7.2.1 -> 7.6.6
[disable] v7.2.1 -> 7.6.6

imap - Configure IMAP protocol options. type: dict more...

Supported Version Ranges

imap v6.0.0 -> 7.6.6

inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: fragmail, oversize more...

Supported Version Ranges

options v6.0.0 -> 7.6.6

[fragmail] v6.0.0 -> 7.6.6
[oversize] v6.0.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable more...

Supported Version Ranges

proxy_after_tcp_handshake v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v6.2.0 -> 7.6.6

[no] v6.2.0 -> 7.6.6
[yes] v6.2.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

mail_signature - Configure Mail signature. type: dict more...

Supported Version Ranges

mail_signature v6.0.0 -> 7.6.6

signature - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). type: str more...

Supported Version Ranges

signature v6.0.0 -> 7.6.6
status - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str choices: disable, enable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[disable] v6.0.0 -> 7.6.6
[enable] v6.0.0 -> 7.6.6

mapi - Configure MAPI protocol options. type: dict more...

Supported Version Ranges

mapi v6.0.0 -> 7.6.6

options - One or more options that can be applied to the session. type: list choices: fragmail, oversize more...

Supported Version Ranges

options v6.0.0 -> 7.6.6

[fragmail] v6.0.0 -> 7.6.6
[oversize] v6.0.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

name - Name. type: str required: true more...

Supported Version Ranges

name v6.0.0 -> 7.6.6
nntp - Configure NNTP protocol options. type: dict more...

Supported Version Ranges

nntp v6.0.0 -> 7.6.6

inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: oversize, splice more...

Supported Version Ranges

options v6.0.0 -> 7.6.6

[oversize] v6.0.0 -> 7.6.6
[splice] v6.0.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable more...

Supported Version Ranges

proxy_after_tcp_handshake v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

oversize_log - Enable/disable logging for antivirus oversize file blocking. type: str choices: disable, enable more...

Supported Version Ranges

oversize_log v6.0.0 -> 7.6.6

[disable] v6.0.0 -> 7.6.6
[enable] v6.0.0 -> 7.6.6
pop3 - Configure POP3 protocol options. type: dict more...

Supported Version Ranges

pop3 v6.0.0 -> 7.6.6

inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: fragmail, oversize more...

Supported Version Ranges

options v6.0.0 -> 7.6.6

[fragmail] v6.0.0 -> 7.6.6
[oversize] v6.0.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable more...

Supported Version Ranges

proxy_after_tcp_handshake v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v6.2.0 -> 7.6.6

[no] v6.2.0 -> 7.6.6
[yes] v6.2.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

replacemsg_group - Name of the replacement message group to be used. Source system.replacemsg-group.name. type: str more...

Supported Version Ranges

replacemsg_group v6.0.0 -> 7.6.6
rpc_over_http - Enable/disable inspection of RPC over HTTP. type: str choices: enable, disable more...

Supported Version Ranges

rpc_over_http v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
smtp - Configure SMTP protocol options. type: dict more...

Supported Version Ranges

smtp v6.0.0 -> 7.6.6

inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable more...

Supported Version Ranges

inspect_all v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: fragmail, oversize, splice more...

Supported Version Ranges

options v6.0.0 -> 7.6.6

[fragmail] v6.0.0 -> 7.6.6
[oversize] v6.0.0 -> 7.6.6
[splice] v6.0.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.0.0 -> 7.6.6
ports - Ports to scan for content (1 - 65535). type: list
proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable more...

Supported Version Ranges

proxy_after_tcp_handshake v6.4.0 -> 7.6.6

[enable] v6.4.0 -> 7.6.6
[disable] v6.4.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
server_busy - Enable/disable SMTP server busy when server not available. type: str choices: enable, disable more...

Supported Version Ranges

server_busy v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v6.2.0 -> 7.6.6

[no] v6.2.0 -> 7.6.6
[yes] v6.2.0 -> 7.6.6
status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable more...

Supported Version Ranges

status v6.0.0 -> 7.6.6

[enable] v6.0.0 -> 7.6.6
[disable] v6.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.0.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.0.0 -> 7.6.6

ssh - Configure SFTP and SCP protocol options. type: dict more...

Supported Version Ranges

ssh v6.2.0 -> 7.6.6

comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int more...

Supported Version Ranges

comfort_amount v6.2.0 -> 7.6.6
comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int more...

Supported Version Ranges

comfort_interval v6.2.0 -> 7.6.6
options - One or more options that can be applied to the session. type: list choices: oversize, clientcomfort, servercomfort more...

Supported Version Ranges

options v6.2.0 -> 7.6.6

[oversize] v6.2.0 -> 7.6.6
[clientcomfort] v6.2.0 -> 7.6.6
[servercomfort] v6.2.0 -> 7.6.6
oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int more...

Supported Version Ranges

oversize_limit v6.2.0 -> 7.6.6
scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable more...

Supported Version Ranges

scan_bzip2 v6.2.0 -> 7.6.6

[enable] v6.2.0 -> 7.6.6
[disable] v6.2.0 -> 7.6.6
ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes more...

Supported Version Ranges

ssl_offloaded v7.0.0 -> 7.6.6

[no] v7.0.0 -> 7.6.6
[yes] v7.0.0 -> 7.6.6
stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int more...

Supported Version Ranges

stream_based_uncompressed_limit v7.0.0 -> 7.6.6
tcp_window_maximum - Maximum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_maximum v7.0.0 -> 7.6.6
tcp_window_minimum - Minimum dynamic TCP window size. type: int more...

Supported Version Ranges

tcp_window_minimum v7.0.0 -> 7.6.6
tcp_window_size - Set TCP static window size. type: int more...

Supported Version Ranges

tcp_window_size v7.0.0 -> 7.6.6
tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic more...

Supported Version Ranges

tcp_window_type v7.0.0 -> 7.6.6

[auto-tuning] v7.0.4 -> 7.6.6

[system] v7.0.0 -> 7.6.6
[static] v7.0.0 -> 7.6.6
[dynamic] v7.0.0 -> 7.6.6
uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int more...

Supported Version Ranges

uncompressed_nest_limit v6.2.0 -> 7.6.6
uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned (MB). type: int more...

Supported Version Ranges

uncompressed_oversize_limit v6.2.0 -> 7.6.6

switching_protocols_log - Enable/disable logging for HTTP/HTTPS switching protocols. type: str choices: disable, enable more...

Supported Version Ranges

switching_protocols_log v6.0.0 -> 7.6.6

[disable] v6.0.0 -> 7.6.6
[enable] v6.0.0 -> 7.6.6

Notes ----- .. note:: - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks - The module supports check_mode. Examples -------- .. code-block:: yaml+jinja - name: Configure protocol options. fortinet.fortios.fortios_firewall_profile_protocol_options: vdom: "{{ vdom }}" state: "present" access_token: "" firewall_profile_protocol_options: cifs: domain_controller: " (source user.domain-controller.name credential-store.domain-controller.server-name)" options: "oversize" oversize_limit: "10" ports: "" scan_bzip2: "enable" server_credential_type: "none" server_keytab: - keytab: "" principal: "" status: "enable" tcp_window_maximum: "8388608" tcp_window_minimum: "131072" tcp_window_size: "262144" tcp_window_type: "auto-tuning" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" comment: "Optional comments." dns: ports: "" status: "enable" ftp: comfort_amount: "1" comfort_interval: "10" explicit_ftp_tls: "enable" inspect_all: "enable" options: "clientcomfort" oversize_limit: "10" ports: "" scan_bzip2: "enable" ssl_offloaded: "no" status: "enable" stream_based_uncompressed_limit: "0" tcp_window_maximum: "8388608" tcp_window_minimum: "131072" tcp_window_size: "262144" tcp_window_type: "auto-tuning" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" http: address_ip_rating: "enable" block_page_status_code: "403" comfort_amount: "1" comfort_interval: "10" domain_fronting: "allow" fortinet_bar: "enable" fortinet_bar_port: "32767" h2c: "enable" set_http_0dot9: "allow" http_policy: "disable" inspect_all: "enable" options: "clientcomfort" oversize_limit: "10" ports: "" post_lang: "jisx0201" proxy_after_tcp_handshake: "enable" range_block: "disable" retry_count: "0" scan_bzip2: "enable" ssl_offloaded: "no" status: "enable" stream_based_uncompressed_limit: "0" streaming_content_bypass: "enable" strip_x_forwarded_for: "disable" switching_protocols: "bypass" tcp_window_maximum: "8388608" tcp_window_minimum: "131072" tcp_window_size: "262144" tcp_window_type: "auto-tuning" tunnel_non_http: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" unknown_content_encoding: "block" unknown_http_version: "reject" verify_dns_for_policy_matching: "enable" imap: inspect_all: "enable" options: "fragmail" oversize_limit: "10" ports: "" proxy_after_tcp_handshake: "enable" scan_bzip2: "enable" ssl_offloaded: "no" status: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" mail_signature: signature: "" status: "disable" mapi: options: "fragmail" oversize_limit: "10" ports: "" scan_bzip2: "enable" status: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" name: "default_name_100" nntp: inspect_all: "enable" options: "oversize" oversize_limit: "10" ports: "" proxy_after_tcp_handshake: "enable" scan_bzip2: "enable" status: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" oversize_log: "disable" pop3: inspect_all: "enable" options: "fragmail" oversize_limit: "10" ports: "" proxy_after_tcp_handshake: "enable" scan_bzip2: "enable" ssl_offloaded: "no" status: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" replacemsg_group: " (source system.replacemsg-group.name)" rpc_over_http: "enable" smtp: inspect_all: "enable" options: "fragmail" oversize_limit: "10" ports: "" proxy_after_tcp_handshake: "enable" scan_bzip2: "enable" server_busy: "enable" ssl_offloaded: "no" status: "enable" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" ssh: comfort_amount: "1" comfort_interval: "10" options: "oversize" oversize_limit: "10" scan_bzip2: "enable" ssl_offloaded: "no" stream_based_uncompressed_limit: "0" tcp_window_maximum: "8388608" tcp_window_minimum: "131072" tcp_window_size: "262144" tcp_window_type: "auto-tuning" uncompressed_nest_limit: "12" uncompressed_oversize_limit: "10" switching_protocols_log: "disable" Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html

build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Link Zheng (@chillancezen) - Jie Xue (@JieX19) - Hongbin Lu (@fgtdev-hblu) - Frank Shen (@frankshen01) - Miguel Angel Munoz (@mamunozgonzalez) - Nicolas Thomas (@thomnico) .. hint:: If you notice any issues in this documentation, you can create a pull request to improve it.

	Supported Version Ranges
firewall_profile_protocol_options	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
domain_controller	`v6.4.0 -> v6.4.0`	`v6.4.4 -> 7.6.6`

	Supported Version Ranges
options	`v6.4.0 -> 7.6.6`
[oversize]	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
scan_bzip2	`v6.4.0 -> 7.6.6`
[enable]	`v6.4.0 -> 7.6.6`
[disable]	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
server_credential_type	`v6.2.7 -> v6.4.0`	`v6.4.4 -> 7.6.6`
[none]	`v6.2.7 -> v6.4.0`
[credential-replication]	`v6.2.7 -> v6.4.0`
[credential-keytab]	`v6.2.7 -> v6.4.0`

	Supported Version Ranges
server_keytab	`v6.2.7 -> v6.4.0`	`v6.4.4 -> 7.6.6`

	Supported Version Ranges
keytab	`v6.2.7 -> v6.4.0`	`v6.4.4 -> 7.6.6`

	Supported Version Ranges
principal	`v6.2.7 -> v6.4.0`	`v6.4.4 -> 7.6.6`

	Supported Version Ranges
status	`v6.2.0 -> 7.6.6`
[enable]	`v6.2.0 -> 7.6.6`
[disable]	`v6.2.0 -> 7.6.6`

	Supported Version Ranges
tcp_window_type	`v6.4.0 -> 7.6.6`
[auto-tuning]	`v7.0.4 -> 7.6.6`
[system]	`v6.4.0 -> 7.6.6`
[static]	`v6.4.0 -> 7.6.6`
[dynamic]	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
explicit_ftp_tls	`v7.0.8 -> v7.0.12`	`v7.2.1 -> 7.6.6`
[enable]	`v7.0.8 -> v7.0.12`
[disable]	`v7.0.8 -> v7.0.12`

	Supported Version Ranges
uncompressed_nest_limit	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
uncompressed_oversize_limit	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
inspect_all	`v6.0.0 -> 7.6.6`
[enable]	`v6.0.0 -> 7.6.6`
[disable]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
ssl_offloaded	`v6.2.0 -> 7.6.6`
[no]	`v6.2.0 -> 7.6.6`
[yes]	`v6.2.0 -> 7.6.6`

	Supported Version Ranges
stream_based_uncompressed_limit	`v7.0.0 -> 7.6.6`

	Supported Version Ranges
address_ip_rating	`v7.0.6 -> 7.6.6`
[enable]	`v7.0.6 -> 7.6.6`
[disable]	`v7.0.6 -> 7.6.6`

	Supported Version Ranges
block_page_status_code	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
domain_fronting	`v7.6.0 -> 7.6.6`
[allow]	`v7.6.0 -> 7.6.6`
[monitor]	`v7.6.0 -> 7.6.6`
[block]	`v7.6.0 -> 7.6.6`
[strict]	`v7.6.4 -> 7.6.6`

	Supported Version Ranges
fortinet_bar	`v6.0.0 -> v6.2.7`	`v6.4.1 -> v6.4.1`
[enable]	`v6.0.0 -> v6.2.7`
[disable]	`v6.0.0 -> v6.2.7`

	Supported Version Ranges
fortinet_bar_port	`v6.0.0 -> v6.2.7`	`v6.4.1 -> v6.4.1`

	Supported Version Ranges
h2c	`v7.2.0 -> 7.6.6`
[enable]	`v7.2.0 -> 7.6.6`
[disable]	`v7.2.0 -> 7.6.6`

	Supported Version Ranges
set_http_0dot9	`v7.6.1 -> 7.6.6`
[allow]	`v7.6.1 -> 7.6.6`
[block]	`v7.6.1 -> 7.6.6`

	Supported Version Ranges
http_policy	`v6.0.0 -> v6.0.11`
[disable]	`v6.0.0 -> v6.0.11`
[enable]	`v6.0.0 -> v6.0.11`

	Supported Version Ranges
post_lang	`v6.0.0 -> 7.6.6`
[jisx0201]	`v6.0.0 -> 7.6.6`
[jisx0208]	`v6.0.0 -> 7.6.6`
[jisx0212]	`v6.0.0 -> 7.6.6`
[gb2312]	`v6.0.0 -> 7.6.6`
[ksc5601-ex]	`v6.0.0 -> 7.6.6`
[euc-jp]	`v6.0.0 -> 7.6.6`
[sjis]	`v6.0.0 -> 7.6.6`
[iso2022-jp]	`v6.0.0 -> 7.6.6`
[iso2022-jp-1]	`v6.0.0 -> 7.6.6`
[iso2022-jp-2]	`v6.0.0 -> 7.6.6`
[euc-cn]	`v6.0.0 -> 7.6.6`
[ces-gbk]	`v6.0.0 -> 7.6.6`
[hz]	`v6.0.0 -> 7.6.6`
[ces-big5]	`v6.0.0 -> 7.6.6`
[euc-kr]	`v6.0.0 -> 7.6.6`
[iso2022-jp-3]	`v6.0.0 -> 7.6.6`
[iso8859-1]	`v6.0.0 -> 7.6.6`
[tis620]	`v6.0.0 -> 7.6.6`
[cp874]	`v6.0.0 -> 7.6.6`
[cp1252]	`v6.0.0 -> 7.6.6`
[cp1251]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
proxy_after_tcp_handshake	`v6.4.0 -> 7.6.6`
[enable]	`v6.4.0 -> 7.6.6`
[disable]	`v6.4.0 -> 7.6.6`

	Supported Version Ranges
range_block	`v6.0.0 -> 7.6.6`
[disable]	`v6.0.0 -> 7.6.6`
[enable]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
streaming_content_bypass	`v6.0.0 -> 7.6.6`
[enable]	`v6.0.0 -> 7.6.6`
[disable]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
strip_x_forwarded_for	`v6.0.0 -> 7.6.6`
[disable]	`v6.0.0 -> 7.6.6`
[enable]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
switching_protocols	`v6.0.0 -> 7.6.6`
[bypass]	`v6.0.0 -> 7.6.6`
[block]	`v6.0.0 -> 7.6.6`

	Supported Version Ranges
tunnel_non_http	`v6.4.0 -> 7.6.6`
[enable]	`v6.4.0 -> 7.6.6`
[disable]	`v6.4.0 -> 7.6.6`