ansible.builtin.fortios_router_route_map (v2.9.27) — module

Configure route maps in Fortinet's FortiOS and FortiGate.

Added in version 2.9 of ansible.builtin.

Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the route_map category of the router feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.5.


Requirements

Usage examples

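# Example play: creates or updates one route map on a FortiGate device with the
# fortios_router_route_map module. Every "<your_own_value>" placeholder and the
# sample numbers must be replaced with values from your own configuration.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Placeholder only. Load the real password from Ansible Vault or another
    # secret store instead of committing it to the playbook.
    password: ""
    vdom: "root"
    # Keep certificate verification on so the play only talks to a device that
    # presents a certificate issued by a trusted CA.
    ssl_verify: true
  tasks:
    - name: Configure route maps.
      fortios_router_route_map:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # HTTPS stays enabled (the module default) so the credentials and the
        # routing configuration are not sent over plain HTTP.
        https: true
        # The variable was defined but never handed to the module before.
        ssl_verify: "{{ ssl_verify }}"
        state: "present"
        router_route_map:
          comments: "<your_own_value>"
          name: "default_name_4"
          rule:
            # Set the action explicitly on every rule; the option has no
            # documented default.
            - action: "permit"
              id: "7"
              match_as_path: "<your_own_value> (source router.aspath-list.name)"
              match_community: "<your_own_value> (source router.community-list.name)"
              match_community_exact: "enable"
              match_flags: "11"
              match_interface: "<your_own_value> (source system.interface.name)"
              match_ip_address: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
              match_ip_nexthop: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
              match_ip6_address: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
              match_ip6_nexthop: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
              match_metric: "17"
              match_origin: "none"
              match_route_type: "1"
              match_tag: "20"
              set_aggregator_as: "21"
              set_aggregator_ip: "<your_own_value>"
              set_aspath:
                - as: "<your_own_value>"
              set_aspath_action: "prepend"
              set_atomic_aggregate: "enable"
              set_community:
                - community: "<your_own_value>"
              set_community_additive: "enable"
              set_community_delete: "<your_own_value> (source router.community-list.name)"
              set_dampening_max_suppress: "31"
              set_dampening_reachability_half_life: "32"
              set_dampening_reuse: "33"
              set_dampening_suppress: "34"
              set_dampening_unreachability_half_life: "35"
              set_extcommunity_rt:
                - community: "<your_own_value>"
              set_extcommunity_soo:
                - community: "<your_own_value>"
              set_flags: "40"
              set_ip_nexthop: "<your_own_value>"
              set_ip6_nexthop: "<your_own_value>"
              set_ip6_nexthop_local: "<your_own_value>"
              set_local_preference: "44"
              set_metric: "45"
              set_metric_type: "1"
              set_origin: "none"
              set_originator_id: "<your_own_value>"
              set_route_tag: "49"
              set_tag: "50"
              set_weight: "51"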

Inputs

    
# Address of the device the module connects to.
# Not marked required here, although the usage example on this page passes it.
host:
    description:
    - FortiOS or FortiGate IP address.
    required: false
    type: str

# Virtual domain the change is applied to; falls back to "root" when omitted.
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

# Transport switch for the requests sent to the device. The default (true) keeps
# HTTPS on. With it set to false the requests no longer use HTTPS, so the
# username, password and configuration presumably travel unencrypted.
https:
    default: true
    description:
    - Indicates if the requests towards FortiGate must use HTTPS protocol.
    type: bool

# Required. "present" creates the route map object, "absent" removes it.
state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

# Password for the account named in `username`; defaults to an empty string.
# NOTE(review): this listing does not show whether the value is masked in task
# output — confirm, and load it from Ansible Vault rather than a plain variable.
password:
    default: ''
    description:
    - FortiOS or FortiGate password.
    type: str

# Account used to log in to the device. Not marked required; no default listed.
username:
    description:
    - FortiOS or FortiGate username.
    required: false
    type: str

# Certificate validation for the connection; on by default. Turning it off
# drops the check that the device certificate was issued by a trusted CA, so
# the play can no longer tell the intended FortiGate from an impostor endpoint.
ssl_verify:
    default: true
    description:
    - Ensures FortiGate certificate must be verified by a proper CA.
    type: bool

# Dictionary describing the route map to create or remove: a required name,
# optional comments and a list of rules. No value is sent by default.
router_route_map:
    default: null
    description:
    - Configure route maps.
    suboptions:
      comments:
        description:
        - Optional comments.
        type: str
      name:
        description:
        - Name.
        required: true
        type: str
      # List of rules. Each rule needs an integer id; the match_* options select
      # routes and the set_* options describe attribute changes.
      rule:
        description:
        - Rule.
        suboptions:
          # NOTE(review): not marked required and no default is listed; set it
          # explicitly on every rule so the permit/deny outcome does not depend
          # on a device-side default.
          action:
            choices:
            - permit
            - deny
            description:
            - Action.
            type: str
          id:
            description:
            - Rule ID.
            required: true
            type: int
          # The "Source ..." suffix in the descriptions below names the
          # configuration table whose object name is expected as the value.
          match_as_path:
            description:
            - Match BGP AS path list. Source router.aspath-list.name.
            type: str
          match_community:
            description:
            - Match BGP community list. Source router.community-list.name.
            type: str
          match_community_exact:
            choices:
            - enable
            - disable
            description:
            - Enable/disable exact matching of communities.
            type: str
          match_flags:
            description:
            - BGP flag value to match (0 - 65535)
            type: int
          match_interface:
            description:
            - Match interface configuration. Source system.interface.name.
            type: str
          match_ip6_address:
            description:
            - Match IPv6 address permitted by access-list6 or prefix-list6. Source router.access-list6.name
              router.prefix-list6.name.
            type: str
          match_ip6_nexthop:
            description:
            - Match next hop IPv6 address passed by access-list6 or prefix-list6. Source
              router.access-list6.name router.prefix-list6.name.
            type: str
          match_ip_address:
            description:
            - Match IP address permitted by access-list or prefix-list. Source router.access-list.name
              router.prefix-list.name.
            type: str
          match_ip_nexthop:
            description:
            - Match next hop IP address passed by access-list or prefix-list. Source router.access-list.name
              router.prefix-list.name.
            type: str
          match_metric:
            description:
            - Match metric for redistribute routes.
            type: int
          match_origin:
            choices:
            - none
            - egp
            - igp
            - incomplete
            description:
            - Match BGP origin code.
            type: str
          # NOTE(review): 1 and 2 are unquoted, so a YAML parser reads them as
          # integers although the option type is str; quote them if this spec
          # is reused as data.
          match_route_type:
            choices:
            - 1
            - 2
            - none
            description:
            - Match route type.
            type: str
          match_tag:
            description:
            - Match tag.
            type: int
          set_aggregator_as:
            description:
            - BGP aggregator AS.
            type: int
          set_aggregator_ip:
            description:
            - BGP aggregator IP.
            type: str
          set_aspath:
            description:
            - Prepend BGP AS path attribute.
            suboptions:
              # NOTE(review): the upper bound looks truncated (a 32-bit AS
              # number would reach 4294967295) — confirm against FortiOS docs.
              as:
                description:
                - AS number (0 - 42949672).
                required: true
                type: str
            type: list
          set_aspath_action:
            choices:
            - prepend
            - replace
            description:
            - Specify preferred action of set-aspath.
            type: str
          set_atomic_aggregate:
            choices:
            - enable
            - disable
            description:
            - Enable/disable BGP atomic aggregate attribute.
            type: str
          set_community:
            description:
            - BGP community attribute.
            suboptions:
              community:
                description:
                - 'Attribute: AA|AA:NN|internet|local-AS|no-advertise|no-export.'
                required: true
                type: str
            type: list
          set_community_additive:
            choices:
            - enable
            - disable
            description:
            - Enable/disable adding set-community to existing community.
            type: str
          set_community_delete:
            description:
            - Delete communities matching community list. Source router.community-list.name.
            type: str
          # Dampening options: per the descriptions, 0 means "unset".
          set_dampening_max_suppress:
            description:
            - Maximum duration to suppress a route (1 - 255 min, 0 = unset).
            type: int
          set_dampening_reachability_half_life:
            description:
            - Reachability half-life time for the penalty (1 - 45 min, 0 = unset).
            type: int
          set_dampening_reuse:
            description:
            - Value to start reusing a route (1 - 20000, 0 = unset).
            type: int
          set_dampening_suppress:
            description:
            - Value to start suppressing a route (1 - 20000, 0 = unset).
            type: int
          set_dampening_unreachability_half_life:
            description:
            - Unreachability Half-life time for the penalty (1 - 45 min, 0 = unset)
            type: int
          set_extcommunity_rt:
            description:
            - Route Target extended community.
            suboptions:
              community:
                description:
                - Set the target extended community (in decimal notation) of a BGP route.
                required: true
                type: str
            type: list
          set_extcommunity_soo:
            description:
            - Site-of-Origin extended community.
            suboptions:
              community:
                description:
                - AA:NN
                required: true
                type: str
            type: list
          set_flags:
            description:
            - BGP flags value (0 - 65535)
            type: int
          set_ip6_nexthop:
            description:
            - IPv6 global address of next hop.
            type: str
          set_ip6_nexthop_local:
            description:
            - IPv6 local address of next hop.
            type: str
          set_ip_nexthop:
            description:
            - IP address of next hop.
            type: str
          set_local_preference:
            description:
            - BGP local preference path attribute.
            type: int
          set_metric:
            description:
            - Metric value.
            type: int
          # NOTE(review): same typing issue as match_route_type — 1 and 2 parse
          # as integers while the option type is str.
          set_metric_type:
            choices:
            - 1
            - 2
            - none
            description:
            - Metric type.
            type: str
          set_origin:
            choices:
            - none
            - egp
            - igp
            - incomplete
            description:
            - BGP origin code.
            type: str
          set_originator_id:
            description:
            - BGP originator ID attribute.
            type: str
          set_route_tag:
            description:
            - Route tag for routing table.
            type: int
          set_tag:
            description:
            - Tag value.
            type: int
          set_weight:
            description:
            - BGP weight for routing table.
            type: int
        type: list
    type: dict

Outputs

# Values the module returns after a run. Every field is typed as str; mkey is
# returned only on success, all other fields are returned always.
# build, serial and version identify the device, so review registered task
# output before sharing logs outside the team.
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
# Check this (or status) in follow-up tasks to confirm the device accepted the
# change.
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
# NOTE(review): the samples for name and path (urlfilter / webfilter) look
# carried over from another module's documentation; for this module a
# route-map table under the router path would be expected — confirm.
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str