ansible.builtin.fortios_wireless_controller_wids_profile (v2.8.15) — module

Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate.

Added in version 2.8 of ansible.builtin
Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with pip install ansible==2.8.15
This module configures a FortiGate or FortiOS device by letting the user set and modify the wids_profile category of the wireless_controller feature. The examples include all parameters; values need to be adjusted to datasources before usage. Tested with FOS v6.0.2.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Empty placeholder; supply the real password from your own datasource.
    password: ""
    vdom: "root"
  tasks:
  - name: Configure wireless intrusion detection system (WIDS) profiles.
    fortios_wireless_controller_wids_profile:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      # "False" sends the login over plain HTTP; the module default is true.
      https: "False"
      wireless_controller_wids_profile:
        state: "present"
        ap-auto-suppress: "enable"
        ap-bgscan-disable-day: "sunday"
        ap-bgscan-disable-end: "<your_own_value>"
        ap-bgscan-disable-start: "<your_own_value>"
        ap-bgscan-duration: "7"
        ap-bgscan-idle: "8"
        ap-bgscan-intv: "9"
        ap-bgscan-period: "10"
        ap-bgscan-report-intv: "11"
        ap-fgscan-report-intv: "12"
        ap-scan: "disable"
        ap-scan-passive: "enable"
        asleap-attack: "enable"
        assoc-flood-thresh: "16"
        assoc-flood-time: "17"
        assoc-frame-flood: "enable"
        auth-flood-thresh: "19"
        auth-flood-time: "20"
        auth-frame-flood: "enable"
        comment: "Comment."
        deauth-broadcast: "enable"
        deauth-unknown-src-thresh: "24"
        eapol-fail-flood: "enable"
        eapol-fail-intv: "26"
        eapol-fail-thresh: "27"
        eapol-logoff-flood: "enable"
        eapol-logoff-intv: "29"
        eapol-logoff-thresh: "30"
        eapol-pre-fail-flood: "enable"
        eapol-pre-fail-intv: "32"
        eapol-pre-fail-thresh: "33"
        eapol-pre-succ-flood: "enable"
        eapol-pre-succ-intv: "35"
        eapol-pre-succ-thresh: "36"
        eapol-start-flood: "enable"
        eapol-start-intv: "38"
        eapol-start-thresh: "39"
        eapol-succ-flood: "enable"
        eapol-succ-intv: "41"
        eapol-succ-thresh: "42"
        invalid-mac-oui: "enable"
        long-duration-attack: "enable"
        long-duration-thresh: "45"
        name: "default_name_46"
        null-ssid-probe-resp: "enable"
        sensor-mode: "disable"
        spoofed-deauth: "enable"
        weak-wep-iv: "enable"
        wireless-bridge: "enable"
host:
  description:
  - FortiOS or FortiGate ip address.
  required: true
vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
https:
  default: true
  description:
  - Indicates if the requests towards FortiGate must use HTTPS protocol
  type: bool
password:
  default: ''
  description:
  - FortiOS or FortiGate password.
username:
  description:
  - FortiOS or FortiGate username.
  required: true
wireless_controller_wids_profile:
  default: null
  description:
  - Configure wireless intrusion detection system (WIDS) profiles.
  suboptions:
    ap-auto-suppress:
      choices:
      - enable
      - disable
      description:
      - Enable/disable on-wire rogue AP auto-suppression (default = disable).
    ap-bgscan-disable-day:
      choices:
      - sunday
      - monday
      - tuesday
      - wednesday
      - thursday
      - friday
      - saturday
      description:
      - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set.
    ap-bgscan-disable-end:
      description:
      - End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning (default = 00:00).
    ap-bgscan-disable-start:
      description:
      - Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning (default = 00:00).
    ap-bgscan-duration:
      description:
      - Listening time on a scanning channel (10 - 1000 msec, default = 20).
    ap-bgscan-idle:
      description:
      - Waiting time for channel inactivity before scanning this channel (0 - 1000 msec, default = 0).
    ap-bgscan-intv:
      description:
      - Period of time between scanning two channels (1 - 600 sec, default = 1).
    ap-bgscan-period:
      description:
      - Period of time between background scans (60 - 3600 sec, default = 600).
    ap-bgscan-report-intv:
      description:
      - Period of time between background scan reports (15 - 600 sec, default = 30).
    ap-fgscan-report-intv:
      description:
      - Period of time between foreground scan reports (15 - 600 sec, default = 15).
    ap-scan:
      choices:
      - disable
      - enable
      description:
      - Enable/disable rogue AP detection.
    ap-scan-passive:
      choices:
      - enable
      - disable
      description:
      - Enable/disable passive scanning. Enable means do not send probe request on any channels (default = disable).
    asleap-attack:
      choices:
      - enable
      - disable
      description:
      - Enable/disable asleap attack detection (default = disable).
    assoc-flood-thresh:
      description:
      - The threshold value for association frame flooding.
    assoc-flood-time:
      description:
      - Number of seconds after which a station is considered not connected.
    assoc-frame-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable association frame flooding detection (default = disable).
    auth-flood-thresh:
      description:
      - The threshold value for authentication frame flooding.
    auth-flood-time:
      description:
      - Number of seconds after which a station is considered not connected.
    auth-frame-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable authentication frame flooding detection (default = disable).
    comment:
      description:
      - Comment.
    deauth-broadcast:
      choices:
      - enable
      - disable
      description:
      - Enable/disable broadcasting de-authentication detection (default = disable).
    deauth-unknown-src-thresh:
      description:
      - 'Threshold value per second to deauth unknown src for DoS attack (0: no limit).'
    eapol-fail-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Failure flooding (to AP) detection (default = disable).
    eapol-fail-intv:
      description:
      - The detection interval for EAPOL-Failure flooding (1 - 3600 sec).
    eapol-fail-thresh:
      description:
      - The threshold value for EAPOL-Failure flooding in specified interval.
    eapol-logoff-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Logoff flooding (to AP) detection (default = disable).
    eapol-logoff-intv:
      description:
      - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec).
    eapol-logoff-thresh:
      description:
      - The threshold value for EAPOL-Logoff flooding in specified interval.
    eapol-pre-fail-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable premature EAPOL-Failure flooding (to STA) detection (default = disable).
    eapol-pre-fail-intv:
      description:
      - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec).
    eapol-pre-fail-thresh:
      description:
      - The threshold value for premature EAPOL-Failure flooding in specified interval.
    eapol-pre-succ-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable premature EAPOL-Success flooding (to STA) detection (default = disable).
    eapol-pre-succ-intv:
      description:
      - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec).
    eapol-pre-succ-thresh:
      description:
      - The threshold value for premature EAPOL-Success flooding in specified interval.
    eapol-start-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Start flooding (to AP) detection (default = disable).
    eapol-start-intv:
      description:
      - The detection interval for EAPOL-Start flooding (1 - 3600 sec).
    eapol-start-thresh:
      description:
      - The threshold value for EAPOL-Start flooding in specified interval.
    eapol-succ-flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Success flooding (to AP) detection (default = disable).
    eapol-succ-intv:
      description:
      - The detection interval for EAPOL-Success flooding (1 - 3600 sec).
    eapol-succ-thresh:
      description:
      - The threshold value for EAPOL-Success flooding in specified interval.
    invalid-mac-oui:
      choices:
      - enable
      - disable
      description:
      - Enable/disable invalid MAC OUI detection.
    long-duration-attack:
      choices:
      - enable
      - disable
      description:
      - Enable/disable long duration attack detection based on user configured threshold (default = disable).
    long-duration-thresh:
      description:
      - Threshold value for long duration attack detection (1000 - 32767 usec, default = 8200).
    name:
      description:
      - WIDS profile name.
      required: true
    null-ssid-probe-resp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable null SSID probe response detection (default = disable).
    sensor-mode:
      choices:
      - disable
      - foreign
      - both
      description:
      - Scan WiFi nearby stations (default = disable).
    spoofed-deauth:
      choices:
      - enable
      - disable
      description:
      - Enable/disable spoofed de-authentication attack detection (default = disable).
    state:
      choices:
      - present
      - absent
      description:
      - Indicates whether to create or remove the object
    weak-wep-iv:
      choices:
      - enable
      - disable
      description:
      - Enable/disable weak WEP IV (Initialization Vector) detection (default = disable).
    wireless-bridge:
      choices:
      - enable
      - disable
      description:
      - Enable/disable wireless bridge detection (default = disable).
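
The ranges and "default = disable" notes in the parameter reference above can be checked before a profile is pushed. The following Python lint is an added example, not part of the module or its documentation; `lint_profile`, `RANGES`, `DEFAULT_OFF` and `SAMPLE` are names made up for the illustration, and `SAMPLE` is constructed from a few of the placeholder values in the example task.

```python
# Added example (not module code): lint a wireless_controller_wids_profile
# dict against the ranges and defaults documented on this page.
EAPOL_KINDS = ("fail", "logoff", "pre-fail", "pre-succ", "start", "succ")

# (min, max) copied from the option descriptions.
RANGES = {
    "ap-bgscan-duration": (10, 1000),       # msec
    "ap-bgscan-idle": (0, 1000),            # msec
    "ap-bgscan-intv": (1, 600),             # sec
    "ap-bgscan-period": (60, 3600),         # sec
    "ap-bgscan-report-intv": (15, 600),     # sec
    "ap-fgscan-report-intv": (15, 600),     # sec
    "long-duration-thresh": (1000, 32767),  # usec
}
RANGES.update({"eapol-%s-intv" % k: (1, 3600) for k in EAPOL_KINDS})  # sec

# Detections documented as "default = disable": if omitted they stay off.
DEFAULT_OFF = ["asleap-attack", "assoc-frame-flood", "auth-frame-flood",
               "deauth-broadcast", "long-duration-attack",
               "null-ssid-probe-resp", "spoofed-deauth", "weak-wep-iv",
               "wireless-bridge"]
DEFAULT_OFF += ["eapol-%s-flood" % k for k in EAPOL_KINDS]

def lint_profile(profile):
    """Return (out_of_range, detections_off) for one profile dict."""
    out_of_range = []
    for key, (lo, hi) in sorted(RANGES.items()):
        if key not in profile:
            continue
        try:
            ok = lo <= int(profile[key]) <= hi
        except (TypeError, ValueError):
            ok = False  # non-numeric, e.g. an unfilled "<your_own_value>"
        if not ok:
            out_of_range.append((key, profile[key], lo, hi))
    off = [k for k in DEFAULT_OFF if profile.get(k, "disable") != "enable"]
    return out_of_range, off

# Constructed sample: a few placeholder values from the example task above.
SAMPLE = {"name": "default_name_46", "ap-bgscan-duration": "7",
          "ap-bgscan-idle": "8", "ap-bgscan-intv": "9",
          "ap-bgscan-period": "10", "eapol-start-flood": "enable",
          "eapol-start-intv": "38", "long-duration-thresh": "45",
          "spoofed-deauth": "enable"}

if __name__ == "__main__":
    ranges, off = lint_profile(SAMPLE)
    for key, value, lo, hi in ranges:
        print("%s=%s outside documented range %d-%d" % (key, value, lo, hi))
    print("detections left disabled: " + ", ".join(off))
```

Run against `SAMPLE`, the lint reports three of the placeholder values as outside their documented ranges and lists the thirteen detections the profile leaves at their disabled default.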
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str