Try SpotterConfigure admin users in Fortinet's FortiOS and FortiGate.
| "added in version" 2.8 of ansible.builtin"
Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
pipInstall with pip install ansible==2.8.20
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify system feature and admin category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure admin users.
fortios_system_admin:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
system_admin:
state: "present"
accprofile: "<your_own_value> (source system.accprofile.name)"
accprofile-override: "enable"
allow-remove-admin-session: "enable"
comments: "<your_own_value>"
email-to: "<your_own_value>"
force-password-change: "enable"
fortitoken: "<your_own_value>"
guest-auth: "disable"
guest-lang: "<your_own_value> (source system.custom-language.name)"
guest-usergroups:
-
name: "default_name_13"
gui-dashboard:
-
columns: "15"
id: "16"
layout-type: "responsive"
name: "default_name_18"
scope: "global"
widget:
-
fabric-device: "<your_own_value>"
filters:
-
id: "23"
key: "<your_own_value>"
value: "<your_own_value>"
height: "26"
id: "27"
industry: "default"
interface: "<your_own_value> (source system.interface.name)"
region: "default"
report-by: "source"
sort-by: "<your_own_value>"
timeframe: "realtime"
title: "<your_own_value>"
type: "sysinfo"
visualization: "table"
width: "37"
x-pos: "38"
y-pos: "39"
gui-global-menu-favorites:
-
id: "41"
gui-vdom-menu-favorites:
-
id: "43"
hidden: "44"
history0: "<your_own_value>"
history1: "<your_own_value>"
ip6-trusthost1: "<your_own_value>"
ip6-trusthost10: "<your_own_value>"
ip6-trusthost2: "<your_own_value>"
ip6-trusthost3: "<your_own_value>"
ip6-trusthost4: "<your_own_value>"
ip6-trusthost5: "<your_own_value>"
ip6-trusthost6: "<your_own_value>"
ip6-trusthost7: "<your_own_value>"
ip6-trusthost8: "<your_own_value>"
ip6-trusthost9: "<your_own_value>"
login-time:
-
last-failed-login: "<your_own_value>"
last-login: "<your_own_value>"
usr-name: "<your_own_value>"
name: "default_name_61"
password: "<your_own_value>"
password-expire: "<your_own_value>"
peer-auth: "enable"
peer-group: "<your_own_value>"
radius-vdom-override: "enable"
remote-auth: "enable"
remote-group: "<your_own_value>"
schedule: "<your_own_value>"
sms-custom-server: "<your_own_value> (source system.sms-server.name)"
sms-phone: "<your_own_value>"
sms-server: "fortiguard"
ssh-certificate: "<your_own_value> (source certificate.local.name)"
ssh-public-key1: "<your_own_value>"
ssh-public-key2: "<your_own_value>"
ssh-public-key3: "<your_own_value>"
trusthost1: "<your_own_value>"
trusthost10: "<your_own_value>"
trusthost2: "<your_own_value>"
trusthost3: "<your_own_value>"
trusthost4: "<your_own_value>"
trusthost5: "<your_own_value>"
trusthost6: "<your_own_value>"
trusthost7: "<your_own_value>"
trusthost8: "<your_own_value>"
trusthost9: "<your_own_value>"
two-factor: "disable"
vdom:
-
name: "default_name_89 (source system.vdom.name)"
wildcard: "enable"
host:
description:
- FortiOS or FortiGate ip address.
required: true
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
https:
default: true
description:
- Indicates if the requests towards FortiGate must use HTTPS protocol
type: bool
password:
default: ''
description:
- FortiOS or FortiGate password.
username:
description:
- FortiOS or FortiGate username.
required: true
system_admin:
default: null
description:
- Configure admin users.
suboptions:
accprofile:
description:
- Access profile for this administrator. Access profiles control administrator
access to FortiGate features. Source system.accprofile.name.
accprofile-override:
choices:
- enable
- disable
description:
- Enable to use the name of an access profile provided by the remote authentication
server to control the FortiGate features that this administrator can access.
allow-remove-admin-session:
choices:
- enable
- disable
description:
- Enable/disable allow admin session to be removed by privileged admin users.
comments:
description:
- Comment.
email-to:
description:
- This administrator's email address.
force-password-change:
choices:
- enable
- disable
description:
- Enable/disable force password change on next login.
fortitoken:
description:
- This administrator's FortiToken serial number.
guest-auth:
choices:
- disable
- enable
description:
- Enable/disable guest authentication.
guest-lang:
description:
- Guest management portal language. Source system.custom-language.name.
guest-usergroups:
description:
- Select guest user groups.
suboptions:
name:
description:
- Select guest user groups.
required: true
gui-dashboard:
description:
- GUI dashboards.
suboptions:
columns:
description:
- Number of columns.
id:
description:
- Dashboard ID.
required: true
layout-type:
choices:
- responsive
- fixed
description:
- Layout type.
name:
description:
- Dashboard name.
scope:
choices:
- global
- vdom
description:
- Dashboard scope.
widget:
description:
- Dashboard widgets.
suboptions:
fabric-device:
description:
- Fabric device to monitor.
filters:
description:
- FortiView filters.
suboptions:
id:
description:
- FortiView Filter ID.
required: true
key:
description:
- Filter key.
value:
description:
- Filter value.
height:
description:
- Height.
id:
description:
- Widget ID.
required: true
industry:
choices:
- default
- custom
description:
- Security Audit Rating industry.
interface:
description:
- Interface to monitor. Source system.interface.name.
region:
choices:
- default
- custom
description:
- Security Audit Rating region.
report-by:
choices:
- source
- destination
- country
- intfpair
- srcintf
- dstintf
- policy
- wificlient
- shaper
- endpoint-vulnerability
- endpoint-device
- application
- cloud-app
- cloud-user
- web-domain
- web-category
- web-search-phrase
- threat
- system
- unauth
- admin
- vpn
description:
- Field to aggregate the data by.
sort-by:
description:
- Field to sort the data by.
timeframe:
choices:
- realtime
- 5min
- hour
- day
- week
description:
- Timeframe period of reported data.
title:
description:
- Widget title.
type:
choices:
- sysinfo
- licinfo
- vminfo
- forticloud
- cpu-usage
- memory-usage
- disk-usage
- log-rate
- sessions
- session-rate
- tr-history
- analytics
- usb-modem
- admins
- security-fabric
- security-fabric-ranking
- ha-status
- vulnerability-summary
- host-scan-summary
- fortiview
- botnet-activity
- fortimail
description:
- Widget type.
visualization:
choices:
- table
- bubble
- country
- chord
description:
- Visualization to use.
width:
description:
- Width.
x-pos:
description:
- X position.
y-pos:
description:
- Y position.
gui-global-menu-favorites:
description:
- Favorite GUI menu IDs for the global VDOM.
suboptions:
id:
description:
- Select menu ID.
required: true
gui-vdom-menu-favorites:
description:
- Favorite GUI menu IDs for VDOMs.
suboptions:
id:
description:
- Select menu ID.
required: true
hidden:
description:
- Admin user hidden attribute.
history0:
description:
- history0
history1:
description:
- history1
ip6-trusthost1:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost10:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost2:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost3:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost4:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost5:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost6:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost7:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost8:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
ip6-trusthost9:
description:
- Any IPv6 address from which the administrator can connect to the FortiGate unit.
Default allows access from any IPv6 address.
login-time:
description:
- Record user login time.
suboptions:
last-failed-login:
description:
- Last failed login time.
last-login:
description:
- Last successful login time.
usr-name:
description:
- User name.
required: true
name:
description:
- User name.
required: true
password:
description:
- Admin user password.
password-expire:
description:
- Password expire time.
peer-auth:
choices:
- enable
- disable
description:
- Set to enable peer certificate authentication (for HTTPS admin access).
peer-group:
description:
- Name of peer group defined under config user group which has PKI members. Used
for peer certificate authentication (for HTTPS admin access).
radius-vdom-override:
choices:
- enable
- disable
description:
- Enable to use the names of VDOMs provided by the remote authentication server
to control the VDOMs that this administrator can access.
remote-auth:
choices:
- enable
- disable
description:
- Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.
remote-group:
description:
- User group name used for remote auth.
schedule:
description:
- Firewall schedule used to restrict when the administrator can log in. No schedule
means no restrictions.
sms-custom-server:
description:
- Custom SMS server to send SMS messages to. Source system.sms-server.name.
sms-phone:
description:
- Phone number on which the administrator receives SMS messages.
sms-server:
choices:
- fortiguard
- custom
description:
- Send SMS messages using the FortiGuard SMS server or a custom server.
ssh-certificate:
description:
- Select the certificate to be used by the FortiGate for authentication with an
SSH client. Source certificate.local.name.
ssh-public-key1:
description:
- Public key of an SSH client. The client is authenticated without being asked
for credentials. Create the public-private key pair in the SSH client application.
ssh-public-key2:
description:
- Public key of an SSH client. The client is authenticated without being asked
for credentials. Create the public-private key pair in the SSH client application.
ssh-public-key3:
description:
- Public key of an SSH client. The client is authenticated without being asked
for credentials. Create the public-private key pair in the SSH client application.
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object
trusthost1:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost10:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost2:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost3:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost4:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost5:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost6:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost7:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost8:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
trusthost9:
description:
- Any IPv4 address or subnet address and netmask from which the administrator
can connect to the FortiGate unit. Default allows access from any IPv4 address.
two-factor:
choices:
- disable
- fortitoken
- email
- sms
description:
- Enable/disable two-factor authentication.
vdom:
description:
- Virtual domain(s) that the administrator can access.
suboptions:
name:
description:
- Virtual domain name. Source system.vdom.name.
required: true
wildcard:
choices:
- enable
- disable
description:
- Enable/disable wildcard RADIUS authentication.
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str