:source: fortios_system_csf.py
:orphan:
.. fortios_system_csf:
fortios_system_csf -- Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate in Fortinet's FortiOS and FortiGate.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 2.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and csf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.16
Tips
----
Using member operation to add an element to an existing object.
FortiOS Version Compatibility
-----------------------------
Supported Version Ranges: v6.0.0 -> v7.6.6
Parameters
----------
.. raw:: html
access_token - Token-based authentication. Generated from GUI of Fortigate. type: strrequired: false
enable_log - Enable/Disable logging for task. type: boolrequired: falsedefault: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: strdefault: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: strchoices: present, absent
system_csf - Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate. type: dict more...
Supported Version Ranges
system_csf
v6.0.0 -> 7.6.6
accept_auth_by_cert - Accept connections with unknown certificates and ask admin for approval. type: strchoices: disable, enable more...
vdom - Virtual domains that the connector has access to. If none are set, the connector will only have access to the VDOM that it joins the Security Fabric through. type: listmember_path: fabric_connector:serial/vdom:name more...
log_unification - Enable/disable broadcast of discovery messages for log unification. type: strchoices: disable, enable more...
Supported Version Ranges
log_unification
v7.0.0 -> 7.6.6
[disable]
v7.0.0 -> 7.6.6
[enable]
v7.0.0 -> 7.6.6
management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str more...
Supported Version Ranges
management_ip
v6.0.0 -> v6.4.4
management_port - Overriding port for management connection (Overrides admin port). type: int more...
upstream_interface_select_method - Specify how to select outgoing interface to reach server. type: strchoices: auto, sdwan, specify more...
Supported Version Ranges
upstream_interface_select_method
v7.4.4 -> 7.6.6
[auto]
v7.4.4 -> 7.6.6
[sdwan]
v7.4.4 -> 7.6.6
[specify]
v7.4.4 -> 7.6.6
upstream_ip - IP address of the FortiGate upstream from this FortiGate in the Security Fabric. type: str more...
Supported Version Ranges
upstream_ip
v6.0.0 -> v7.0.1
upstream_port - The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . type: int more...
Supported Version Ranges
upstream_port
v6.0.0 -> 7.6.6
Notes
-----
.. note::
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- The module supports check_mode.
Examples
--------
.. code-block:: yaml+jinja
- name: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
fortinet.fortios.fortios_system_csf:
vdom: "{{ vdom }}"
system_csf:
accept_auth_by_cert: "disable"
authorization_request_type: "serial"
certificate: " (source certificate.local.name)"
configuration_sync: "default"
downstream_access: "enable"
downstream_accprofile: " (source system.accprofile.name)"
fabric_connector:
-
accprofile: " (source system.accprofile.name)"
configuration_write_access: "enable"
serial: ""
vdom:
-
name: "default_name_14 (source system.vdom.name)"
fabric_device:
-
access_token: ""
device_ip: ""
device_type: "fortimail"
https_port: "443"
login: ""
name: "default_name_21"
password: ""
fabric_object_unification: "default"
fabric_workers: "2"
file_mgmt: "enable"
file_quota: "0"
file_quota_warning: "90"
fixed_key: ""
forticloud_account_enforcement: "enable"
group_name: ""
group_password: ""
legacy_authentication: "disable"
log_unification: "disable"
management_ip: ""
management_port: "32767"
saml_configuration_sync: "default"
source_ip: "84.230.14.43"
status: "enable"
trusted_list:
-
action: "accept"
authorization_type: "serial"
certificate: ""
downstream_authorization: "enable"
ha_members: ""
index: "0"
name: "default_name_46"
serial: ""
uid: ""
upstream: ""
upstream_interface: " (source system.interface.name)"
upstream_interface_select_method: "auto"
upstream_ip: ""
upstream_port: "8013"
Return Values
-------------
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
.. raw:: html
build - Build number of the fortigate image returned: alwaystype: strsample: 1547
http_method - Last method used to provision the content into FortiGate returned: alwaystype: strsample: PUT
http_status - Last result given by FortiGate on last operation applied returned: alwaystype: strsample: 200
mkey - Master key (id) used in the last call to FortiGate returned: successtype: strsample: id
name - Name of the table used to fulfill the request returned: alwaystype: strsample: urlfilter
path - Path of the table used to fulfill the request returned: alwaystype: strsample: webfilter
revision - Internal revision number returned: alwaystype: strsample: 17.0.2.10658
serial - Serial number of the unit returned: alwaystype: strsample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: alwaystype: strsample: success
vdom - Virtual domain used returned: alwaystype: strsample: root
version - Version of the FortiGate returned: alwaystype: strsample: v5.6.3
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
.. hint::
If you notice any issues in this documentation, you can create a pull request to improve it.