/ home / ansible / ansible.builtin / v2.8.20 / module / fortios_authentication_rule

ansible.builtin.fortios_authentication_rule (v2.8.20) — module

Configure Authentication Rules in Fortinet's FortiOS and FortiGate.

| "added in version" 2.8 of ansible.builtin"

Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install Ansible via `pip`

Install with pip install ansible==2.8.20

Description

This module is able to configure a FortiGate or FortiOS by allowing the user to configure authentication feature and rule category. Examples includes all options and need to be adjusted to datasources before usage. Tested with FOS v6.0.2

Requirements

fortiosapi>=0.9.8

Usage examples

Scanned by Steampunk Spotter

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure Authentication Rules.
    fortios_authentication_rule:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      authentication_rule:
        state: "present"
        active-auth-method: "<your_own_value> (source authentication.scheme.name)"
        comments: "<your_own_value>"
        ip-based: "enable"
        name: "default_name_6"
        protocol: "http"
        srcaddr:
         -
            name: "default_name_9 (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name firewall.proxy-addrgrp.name)"
        srcaddr6:
         -
            name: "default_name_11 (source firewall.address6.name firewall.addrgrp6.name)"
        sso-auth-method: "<your_own_value> (source authentication.scheme.name)"
        status: "enable"
        transaction-based: "enable"
        web-auth-cookie: "enable"

Inputs

    
host:
    description:
    - FortiOS or FortiGate ip address.
    required: true

vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.

https:
    default: false
    description:
    - Indicates if the requests towards FortiGate must use HTTPS protocol
    type: bool

password:
    default: ''
    description:
    - FortiOS or FortiGate password.

username:
    description:
    - FortiOS or FortiGate username.
    required: true

authentication_rule:
    default: null
    description:
    - Configure Authentication Rules.
    suboptions:
      active-auth-method:
        description:
        - Select an active authentication method. Source authentication.scheme.name.
      comments:
        description:
        - Comment.
      ip-based:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IP-based authentication. Once a user authenticates all traffic
          from the IP address the user authenticated from is allowed.
      name:
        description:
        - Authentication rule name.
        required: true
      protocol:
        choices:
        - http
        - ftp
        - socks
        - ssh
        description:
        - Select the protocol to use for authentication (default = http). Users connect
          to the FortiGate using this protocol and are asked to authenticate.
      srcaddr:
        description:
        - Select an IPv4 source address from available options. Required for web proxy
          authentication.
        suboptions:
          name:
            description:
            - Address name. Source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name
              firewall.proxy-addrgrp.name.
            required: true
      srcaddr6:
        description:
        - Select an IPv6 source address. Required for web proxy authentication.
        suboptions:
          name:
            description:
            - Address name. Source firewall.address6.name firewall.addrgrp6.name.
            required: true
      sso-auth-method:
        description:
        - Select a single-sign on (SSO) authentication method. Source authentication.scheme.name.
      state:
        choices:
        - present
        - absent
        description:
        - Indicates whether to create or remove the object
      status:
        choices:
        - enable
        - disable
        description:
        - Enable/disable this authentication rule.
      transaction-based:
        choices:
        - enable
        - disable
        description:
        - Enable/disable transaction based authentication (default = disable).
      web-auth-cookie:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Web authentication cookies (default = disable).

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str

Install Ansible via pip