ansible / ansible.builtin / v2.8.13 / module / fmgr_secprof_appctrl Manage application control security profiles | "added in version" 2.8 of ansible.builtin" Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng) preview | supported by communityansible.builtin.fmgr_secprof_appctrl (v2.8.13) — module
pip
Install with pip install ansible==2.8.13
Manage application control security profiles within FortiManager
- name: DELETE Profile fmgr_secprof_appctrl: name: "Ansible_Application_Control_Profile" comment: "Created by Ansible Module TEST" mode: "delete"
- name: CREATE Profile fmgr_secprof_appctrl: name: "Ansible_Application_Control_Profile" comment: "Created by Ansible Module TEST" mode: "set" entries: [{ action: "block", log: "enable", log-packet: "enable", protocols: ["1"], quarantine: "attacker", quarantine-log: "enable", }, {action: "pass", category: ["2","3","4"]}, ]
adom: default: root description: - The ADOM the configuration should belong to. required: false mode: choices: - add - set - delete - update default: add description: - Sets one of three modes for managing the object. - Allows use of soft-adds instead of overwriting existing values required: false name: description: - List name. required: false comment: description: - comments required: false entries: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, OMIT THE USE OF THIS PARAMETER - AND USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false options: choices: - allow-dns - allow-icmp - allow-http - allow-ssl - allow-quic description: - NO DESCRIPTION PARSED ENTER MANUALLY - FLAG Based Options. Specify multiple in list form. - flag | allow-dns | Allow DNS. - flag | allow-icmp | Allow ICMP. - flag | allow-http | Allow generic HTTP web browsing. - flag | allow-ssl | Allow generic SSL communication. - flag | allow-quic | Allow QUIC. required: false entries_log: choices: - disable - enable description: - Enable/disable logging for this application list. - choice | disable | Disable logging. - choice | enable | Enable logging. required: false entries_risk: description: - Risk, or impact, of allowing traffic from this application to occur 1 - 5; - (Low, Elevated, Medium, High, and Critical). required: false extended_log: choices: - disable - enable description: - Enable/disable extended logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false app_replacemsg: choices: - disable - enable description: - Enable/disable replacement messages for blocked applications. - choice | disable | Disable replacement messages for blocked applications. - choice | enable | Enable replacement messages for blocked applications. required: false entries_action: choices: - pass - block - reset description: - Pass or block traffic, or reset connection for traffic from this application. - choice | pass | Pass or allow matching traffic. - choice | block | Block or drop matching traffic. - choice | reset | Reset sessions for matching traffic. required: false entries_shaper: description: - Traffic shaper. required: false entries_vendor: description: - Application vendor filter. required: false p2p_black_list: choices: - skype - edonkey - bittorrent description: - NO DESCRIPTION PARSED ENTER MANUALLY - FLAG Based Options. Specify multiple in list form. - flag | skype | Skype. - flag | edonkey | Edonkey. - flag | bittorrent | Bit torrent. required: false entries_behavior: description: - Application behavior filter. required: false entries_category: description: - Category ID list. required: false replacemsg_group: description: - Replacement message group. required: false entries_protocols: description: - Application protocol filter. required: false entries_rate_mode: choices: - periodical - continuous description: - Rate limit mode. - choice | periodical | Allow configured number of packets every rate-duration. - choice | continuous | Block packets once the rate is reached. required: false entries_log_packet: choices: - disable - enable description: - Enable/disable packet logging. - choice | disable | Disable packet logging. - choice | enable | Enable packet logging. required: false entries_popularity: choices: - '1' - '2' - '3' - '4' - '5' description: - Application popularity filter (1 - 5, from least to most popular). - FLAG Based Options. Specify multiple in list form. - flag | 1 | Popularity level 1. - flag | 2 | Popularity level 2. - flag | 3 | Popularity level 3. - flag | 4 | Popularity level 4. - flag | 5 | Popularity level 5. required: false entries_quarantine: choices: - none - attacker description: - Quarantine method. - choice | none | Quarantine is disabled. - choice | attacker | Block all traffic sent from attacker's IP address. - The attacker's IP address is also added to the banned user list. The target's address is not affected. required: false entries_rate_count: description: - Count of the rate. required: false entries_rate_track: choices: - none - src-ip - dest-ip - dhcp-client-mac - dns-domain description: - Track the packet protocol field. - choice | none | - choice | src-ip | Source IP. - choice | dest-ip | Destination IP. - choice | dhcp-client-mac | DHCP client. - choice | dns-domain | DNS domain. required: false entries_technology: description: - Application technology filter. required: false deep_app_inspection: choices: - disable - enable description: - Enable/disable deep application inspection. - choice | disable | Disable deep application inspection. - choice | enable | Enable deep application inspection. required: false entries_application: description: - ID of allowed applications. required: false entries_session_ttl: description: - Session TTL (0 = default). required: false entries_sub_category: description: - Application Sub-category ID list. required: false entries_per_ip_shaper: description: - Per-IP traffic shaper. required: false entries_rate_duration: description: - Duration (sec) of the rate. required: false other_application_log: choices: - disable - enable description: - Enable/disable logging for other applications. - choice | disable | Disable logging for other applications. - choice | enable | Enable logging for other applications. required: false entries_quarantine_log: choices: - disable - enable description: - Enable/disable quarantine logging. - choice | disable | Disable quarantine logging. - choice | enable | Enable quarantine logging. required: false entries_shaper_reverse: description: - Reverse traffic shaper. required: false unknown_application_log: choices: - disable - enable description: - Enable/disable logging for unknown applications. - choice | disable | Disable logging for unknown applications. - choice | enable | Enable logging for unknown applications. required: false entries_parameters_value: description: - Parameter value. required: false other_application_action: choices: - pass - block description: - Action for other applications. - choice | pass | Allow sessions matching an application in this application list. - choice | block | Block sessions matching an application in this application list. required: false entries_quarantine_expiry: description: - Duration of quarantine. (Format - Requires quarantine set to attacker. required: false unknown_application_action: choices: - pass - block description: - Pass or block traffic from unknown applications. - choice | pass | Pass or allow unknown applications. - choice | block | Drop or block unknown applications. required: false
api_result: description: full API response, includes status code and message returned: always type: str