Try SpotterConfigure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate.
| "added in version" 2.8 of ansible.builtin"
Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
pipInstall with pip install ansible==2.8.20
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify wireless_controller feature and wids_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure wireless intrusion detection system (WIDS) profiles.
fortios_wireless_controller_wids_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
wireless_controller_wids_profile:
state: "present"
ap-auto-suppress: "enable"
ap-bgscan-disable-day: "sunday"
ap-bgscan-disable-end: "<your_own_value>"
ap-bgscan-disable-start: "<your_own_value>"
ap-bgscan-duration: "7"
ap-bgscan-idle: "8"
ap-bgscan-intv: "9"
ap-bgscan-period: "10"
ap-bgscan-report-intv: "11"
ap-fgscan-report-intv: "12"
ap-scan: "disable"
ap-scan-passive: "enable"
asleap-attack: "enable"
assoc-flood-thresh: "16"
assoc-flood-time: "17"
assoc-frame-flood: "enable"
auth-flood-thresh: "19"
auth-flood-time: "20"
auth-frame-flood: "enable"
comment: "Comment."
deauth-broadcast: "enable"
deauth-unknown-src-thresh: "24"
eapol-fail-flood: "enable"
eapol-fail-intv: "26"
eapol-fail-thresh: "27"
eapol-logoff-flood: "enable"
eapol-logoff-intv: "29"
eapol-logoff-thresh: "30"
eapol-pre-fail-flood: "enable"
eapol-pre-fail-intv: "32"
eapol-pre-fail-thresh: "33"
eapol-pre-succ-flood: "enable"
eapol-pre-succ-intv: "35"
eapol-pre-succ-thresh: "36"
eapol-start-flood: "enable"
eapol-start-intv: "38"
eapol-start-thresh: "39"
eapol-succ-flood: "enable"
eapol-succ-intv: "41"
eapol-succ-thresh: "42"
invalid-mac-oui: "enable"
long-duration-attack: "enable"
long-duration-thresh: "45"
name: "default_name_46"
null-ssid-probe-resp: "enable"
sensor-mode: "disable"
spoofed-deauth: "enable"
weak-wep-iv: "enable"
wireless-bridge: "enable"
host:
description:
- FortiOS or FortiGate ip address.
required: true
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
https:
default: true
description:
- Indicates if the requests towards FortiGate must use HTTPS protocol
type: bool
password:
default: ''
description:
- FortiOS or FortiGate password.
username:
description:
- FortiOS or FortiGate username.
required: true
wireless_controller_wids_profile:
default: null
description:
- Configure wireless intrusion detection system (WIDS) profiles.
suboptions:
ap-auto-suppress:
choices:
- enable
- disable
description:
- Enable/disable on-wire rogue AP auto-suppression (default = disable).
ap-bgscan-disable-day:
choices:
- sunday
- monday
- tuesday
- wednesday
- thursday
- friday
- saturday
description:
- Optionally turn off scanning for one or more days of the week. Separate the
days with a space. By default, no days are set.
ap-bgscan-disable-end:
description:
- End time, using a 24-hour clock in the format of hh:mm, for disabling background
scanning (default = 00:00).
ap-bgscan-disable-start:
description:
- Start time, using a 24-hour clock in the format of hh:mm, for disabling background
scanning (default = 00:00).
ap-bgscan-duration:
description:
- Listening time on a scanning channel (10 - 1000 msec, default = 20).
ap-bgscan-idle:
description:
- Waiting time for channel inactivity before scanning this channel (0 - 1000 msec,
default = 0).
ap-bgscan-intv:
description:
- Period of time between scanning two channels (1 - 600 sec, default = 1).
ap-bgscan-period:
description:
- Period of time between background scans (60 - 3600 sec, default = 600).
ap-bgscan-report-intv:
description:
- Period of time between background scan reports (15 - 600 sec, default = 30).
ap-fgscan-report-intv:
description:
- Period of time between foreground scan reports (15 - 600 sec, default = 15).
ap-scan:
choices:
- disable
- enable
description:
- Enable/disable rogue AP detection.
ap-scan-passive:
choices:
- enable
- disable
description:
- Enable/disable passive scanning. Enable means do not send probe request on any
channels (default = disable).
asleap-attack:
choices:
- enable
- disable
description:
- Enable/disable asleap attack detection (default = disable).
assoc-flood-thresh:
description:
- The threshold value for association frame flooding.
assoc-flood-time:
description:
- Number of seconds after which a station is considered not connected.
assoc-frame-flood:
choices:
- enable
- disable
description:
- Enable/disable association frame flooding detection (default = disable).
auth-flood-thresh:
description:
- The threshold value for authentication frame flooding.
auth-flood-time:
description:
- Number of seconds after which a station is considered not connected.
auth-frame-flood:
choices:
- enable
- disable
description:
- Enable/disable authentication frame flooding detection (default = disable).
comment:
description:
- Comment.
deauth-broadcast:
choices:
- enable
- disable
description:
- Enable/disable broadcasting de-authentication detection (default = disable).
deauth-unknown-src-thresh:
description:
- 'Threshold value per second to deauth unknown src for DoS attack (0: no limit).'
eapol-fail-flood:
choices:
- enable
- disable
description:
- Enable/disable EAPOL-Failure flooding (to AP) detection (default = disable).
eapol-fail-intv:
description:
- The detection interval for EAPOL-Failure flooding (1 - 3600 sec).
eapol-fail-thresh:
description:
- The threshold value for EAPOL-Failure flooding in specified interval.
eapol-logoff-flood:
choices:
- enable
- disable
description:
- Enable/disable EAPOL-Logoff flooding (to AP) detection (default = disable).
eapol-logoff-intv:
description:
- The detection interval for EAPOL-Logoff flooding (1 - 3600 sec).
eapol-logoff-thresh:
description:
- The threshold value for EAPOL-Logoff flooding in specified interval.
eapol-pre-fail-flood:
choices:
- enable
- disable
description:
- Enable/disable premature EAPOL-Failure flooding (to STA) detection (default
= disable).
eapol-pre-fail-intv:
description:
- The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec).
eapol-pre-fail-thresh:
description:
- The threshold value for premature EAPOL-Failure flooding in specified interval.
eapol-pre-succ-flood:
choices:
- enable
- disable
description:
- Enable/disable premature EAPOL-Success flooding (to STA) detection (default
= disable).
eapol-pre-succ-intv:
description:
- The detection interval for premature EAPOL-Success flooding (1 - 3600 sec).
eapol-pre-succ-thresh:
description:
- The threshold value for premature EAPOL-Success flooding in specified interval.
eapol-start-flood:
choices:
- enable
- disable
description:
- Enable/disable EAPOL-Start flooding (to AP) detection (default = disable).
eapol-start-intv:
description:
- The detection interval for EAPOL-Start flooding (1 - 3600 sec).
eapol-start-thresh:
description:
- The threshold value for EAPOL-Start flooding in specified interval.
eapol-succ-flood:
choices:
- enable
- disable
description:
- Enable/disable EAPOL-Success flooding (to AP) detection (default = disable).
eapol-succ-intv:
description:
- The detection interval for EAPOL-Success flooding (1 - 3600 sec).
eapol-succ-thresh:
description:
- The threshold value for EAPOL-Success flooding in specified interval.
invalid-mac-oui:
choices:
- enable
- disable
description:
- Enable/disable invalid MAC OUI detection.
long-duration-attack:
choices:
- enable
- disable
description:
- Enable/disable long duration attack detection based on user configured threshold
(default = disable).
long-duration-thresh:
description:
- Threshold value for long duration attack detection (1000 - 32767 usec, default
= 8200).
name:
description:
- WIDS profile name.
required: true
null-ssid-probe-resp:
choices:
- enable
- disable
description:
- Enable/disable null SSID probe response detection (default = disable).
sensor-mode:
choices:
- disable
- foreign
- both
description:
- Scan WiFi nearby stations (default = disable).
spoofed-deauth:
choices:
- enable
- disable
description:
- Enable/disable spoofed de-authentication attack detection (default = disable).
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object
weak-wep-iv:
choices:
- enable
- disable
description:
- Enable/disable weak WEP IV (Initialization Vector) detection (default = disable).
wireless-bridge:
choices:
- enable
- disable
description:
- Enable/disable wireless bridge detection (default = disable).
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str