fortios_ipv4_policy - Manage IPv4 policy objects on Fortinet FortiOS firewall devices
Module ansible.builtin.fortios_ipv4_policy (ansible 2.8.20); added in version 2.3 of ansible.builtin.
Author: Benjamin Jolivot (@bjolivot)
Status: preview; supported by community.
Install with: pip install ansible==2.8.20
This module provides management of firewall IPv4 policies on FortiOS devices.
Examples:

  - name: Allow external DNS call
    fortios_ipv4_policy:
      host: 192.168.0.254
      username: admin
      password: password
      id: 42
      src_addr: internal_network
      dst_addr: all
      service: dns
      nat: True
      state: present
      policy_action: accept
      logtraffic: disable

  - name: Public Web
    fortios_ipv4_policy:
      host: 192.168.0.254
      username: admin
      password: password
      id: 42
      src_addr: all
      dst_addr: webservers
      services:
        - http
        - https
      state: present
      policy_action: accept

  - name: Some Policy
    fortios_ipv4_policy:
      host: 192.168.0.254
      username: admin
      password: password
      id: 42
      comment: "no comment (created by ansible)"
      src_intf: vl1000
      src_addr:
        - some_serverA
        - some_serverB
      dst_intf:
        - vl2000
        - vl3000
      dst_addr: all
      services:
        - HTTP
        - HTTPS
      nat: True
      state: present
      policy_action: accept
      logtraffic: disable
    tags:
      - policy
Parameters:

  application_list
    Specifies Application Control name.
  av_profile
    Specifies Antivirus profile name.
  backup (bool, default: false)
    Create a backup of the current running-config from the remote device before any changes are made. The backup file is written to the backup folder.
  backup_filename (str)
    Specifies the backup filename. If omitted, the filename is formatted like HOST_config.YYYY-MM-DD@HH:MM:SS.
  backup_path (path)
    Specifies where to store backup files. Required if backup=yes.
  comment
    Free text to describe the policy.
  config_file (path, added in version 2.4)
    Path to configuration file. Required when file_mode is True.
  dst_addr
    Specifies destination address (or group) object name(s). Required when state=present.
  dst_addr_negate (bool, default: false)
    Negate the destination address parameter.
  dst_intf (default: any)
    Specifies destination interface name(s).
  file_mode (bool, default: false, added in version 2.4)
    Don't connect to any device; only use config_file as input and output.
  fixedport (bool, default: false)
    Use fixed port for NAT.
  host (str)
    Specifies the DNS hostname or IP address for connecting to the remote FortiOS device. Required when file_mode is False.
  id (required)
    Policy ID. Warning: the policy ID number is different from the policy sequence number. The policy ID is the number assigned at policy creation. The sequence number represents the order in which the FortiGate evaluates the rule for policy enforcement, and also the order in which rules are listed in the GUI and CLI. These two numbers do not necessarily correlate; this module is based on the policy ID. Tip: the policy ID can be viewed in the GUI by adding 'ID' to the display columns.
  ips_sensor
    Specifies IPS Sensor profile name.
  logtraffic (choices: disable, utm, all; default: utm; added in version 2.4)
    Logs sessions that matched the policy.
  logtraffic_start (bool, default: false, added in version 2.4)
    Logs the beginning of the session as well.
  nat (bool, default: false)
    Enable or disable NAT.
  password (str)
    Specifies the password used to authenticate to the remote device. Required when file_mode is True.
  policy_action (aliases: action; choices: accept, deny)
    Specifies the accept or deny action of the policy. Required when state=present.
  poolname
    Specifies NAT pool name.
  schedule (default: always)
    Defines the policy schedule.
  service (aliases: services)
    Specifies policy service(s); can be a list (e.g. ['MAIL', 'DNS']). Required when state=present.
  service_negate (bool, default: false)
    Negate the policy service(s) defined in the service value.
  src_addr
    Specifies source address (or group) object name(s). Required when state=present.
  src_addr_negate (bool, default: false)
    Negate the source address parameter.
  src_intf (default: any)
    Specifies source interface name(s).
  state (choices: present, absent; default: present)
    Specifies whether policy id needs to be added or deleted.
  timeout (int, default: 60)
    Timeout in seconds for connecting to the remote device.
  username (str)
    Configures the username used to authenticate to the remote device. Required when file_mode is True.
  vdom (str)
    Specifies on which VDOM to apply the configuration.
  webfilter_profile
    Specifies Webfilter profile name.
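The parameter rules above (aliases, defaults, choices and the required-when constraints) can be checked before a playbook touches a firewall. The following is an added example, not code from the Ansible module or its documentation; the `review` thresholds (unlogged accept rules, accept from all to all) are an assumed review policy, not something the module enforces.

```python
# Added example (not the module's own code): pre-flight checks for
# fortios_ipv4_policy task parameters, based on the documented option rules.
REQUIRED_WHEN_PRESENT = ("src_addr", "dst_addr", "service", "policy_action")
ALIASES = {"services": "service", "action": "policy_action"}  # documented aliases
CHOICES = {
    "state": {"present", "absent"},
    "policy_action": {"accept", "deny"},
    "logtraffic": {"disable", "utm", "all"},
}
DEFAULTS = {"state": "present", "logtraffic": "utm", "file_mode": False, "backup": False}

def normalise(task):
    """Resolve aliases and fill documented defaults; returns a new dict."""
    params = dict(DEFAULTS)
    for key, value in task.items():
        params[ALIASES.get(key, key)] = value
    return params

def validate(task):
    """Return the list of violations of the documented argument rules."""
    p = normalise(task)
    problems = []
    if "id" not in p:
        problems.append("id is required")
    for key, allowed in CHOICES.items():
        if key in p and p[key] not in allowed:
            problems.append(f"{key}={p[key]!r} not in {sorted(allowed)}")
    if p["state"] == "present":
        problems += [f"{k} required when state=present"
                     for k in REQUIRED_WHEN_PRESENT if k not in p]
    if p["file_mode"] and "config_file" not in p:
        problems.append("config_file required when file_mode is True")
    if not p["file_mode"] and "host" not in p:
        problems.append("host required when file_mode is False")
    if p["backup"] and "backup_path" not in p:
        problems.append("backup_path required when backup=yes")
    return problems

def review(task):
    """Flag accept rules that are broad or unlogged (assumed review policy)."""
    p = normalise(task)
    notes = []
    if p.get("policy_action") == "accept":
        if p["logtraffic"] == "disable":
            notes.append("accept rule with logging disabled")
        if p.get("src_addr") == "all" and p.get("dst_addr") == "all":
            notes.append("accept rule from all to all")
    return notes
```

Run `validate` and `review` over each task's `fortios_ipv4_policy` mapping in a pre-commit hook or CI job; a non-empty result from `validate` is a task the module would reject, and a non-empty result from `review` is a rule worth a second look before it reaches the device.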
Return values:

  change_string (str; returned only if config changed)
    The commands executed by the module.
  firewall_address_config (str; returned always)
    Full firewall addresses config string.
  msg_error_list (str; returned only when error)
    List of errors returned by the CLI (use -vvv for better readability).