ansible.builtin.fortios_system_fortiguard (v2.9.27) — module

Configure FortiGuard services in Fortinet's FortiOS and FortiGate.

Added in version 2.9 of ansible.builtin.

Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the fortiguard category of the system feature. The examples include all parameters, and their values need to be adjusted to your data sources before use. Tested with FOS v6.0.5.


Requirements

Usage examples

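# Example play for fortios_system_fortiguard. The values under
# system_fortiguard are placeholders that exercise every option; adjust them
# to the target device before running the play.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Placeholder. Load the device password from Ansible Vault or another
    # secret store instead of committing it in the playbook.
    password: ""
    vdom: "root"
    # Keep certificate verification on so the HTTPS session is authenticated.
    # For a device with a privately issued certificate, trust its issuing CA
    # on the control node rather than turning verification off.
    ssl_verify: true
  tasks:
    - name: Configure FortiGuard services.
      fortios_system_fortiguard:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        # HTTPS keeps the admin login and the pushed configuration off
        # cleartext HTTP.
        https: true
        # Pass the verification setting through; a variable that is only
        # defined under vars has no effect on the module.
        ssl_verify: "{{ ssl_verify }}"
        system_fortiguard:
          antispam_cache: "enable"
          antispam_cache_mpercent: "4"
          # Placeholder; the documented range is 300 - 86400 seconds.
          antispam_cache_ttl: "5"
          antispam_expiration: "6"
          # "enable" would turn the antispam service off; "disable" leaves it
          # running.
          antispam_force_off: "disable"
          antispam_license: "8"
          antispam_timeout: "9"
          auto_join_forticloud: "enable"
          ddns_server_ip: "<your_own_value>"
          ddns_server_port: "12"
          load_balance_servers: "13"
          outbreak_prevention_cache: "enable"
          outbreak_prevention_cache_mpercent: "15"
          # Placeholder; the documented range is 300 - 86400 seconds.
          outbreak_prevention_cache_ttl: "16"
          outbreak_prevention_expiration: "17"
          # "enable" would turn Virus Outbreak Prevention off.
          outbreak_prevention_force_off: "disable"
          outbreak_prevention_license: "19"
          outbreak_prevention_timeout: "20"
          port: "53"
          sdns_server_ip: "<your_own_value>"
          sdns_server_port: "23"
          service_account_id: "<your_own_value>"
          # Sample value; replace with your own source address.
          source_ip: "84.230.14.43"
          source_ip6: "<your_own_value>"
          update_server_location: "usa"
          webfilter_cache: "enable"
          # Placeholder; the documented range is 300 - 86400 seconds.
          webfilter_cache_ttl: "29"
          webfilter_expiration: "30"
          # "enable" would turn the web filtering service off.
          webfilter_force_off: "disable"
          webfilter_license: "32"
          # Placeholder; the documented range is 1 - 30 seconds.
          webfilter_timeout: "33"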

Inputs

    
# Connection options for reaching the device. host and username are marked
# as not required, and password defaults to the empty string.
host:
    description:
    - FortiOS or FortiGate IP address.
    required: false
    type: str

vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

# Defaults to true. With false, requests to the device are no longer required
# to use HTTPS.
# NOTE(review): presumably that puts the username/password on the wire in
# cleartext - keep the default unless confirmed otherwise.
https:
    default: true
    description:
    - Indicates if the requests towards FortiGate must use HTTPS protocol.
    type: bool

# NOTE(review): this listing does not show whether the value is masked in
# logs (no_log) - confirm in the module source.
password:
    default: ''
    description:
    - FortiOS or FortiGate password.
    type: str

username:
    description:
    - FortiOS or FortiGate username.
    required: false
    type: str

# Defaults to true, i.e. the device certificate must chain to a trusted CA.
# NOTE(review): presumably only applies when https is true - confirm.
ssl_verify:
    default: true
    description:
    - Ensures FortiGate certificate must be verified by a proper CA.
    type: bool

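# Option spec for the FortiGuard settings dictionary. Each suboption maps to
# one FortiGuard setting; enable/disable switches are typed str, and limits
# and intervals are typed int.
system_fortiguard:
    default: null
    description:
    - Configure FortiGuard services.
    suboptions:
      antispam_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory
          but improves performance.
        type: str
      antispam_cache_mpercent:
        description:
        - Maximum percent of FortiGate memory the antispam cache is allowed to use
          (1 - 15%).
        type: int
      antispam_cache_ttl:
        description:
        - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times
          reduce the cache size. Higher times may improve performance since the cache
          will have more entries.
        type: int
      antispam_expiration:
        description:
        - Expiration date of the FortiGuard antispam contract.
        type: int
      # Inverted switch: "enable" turns the antispam service off.
      antispam_force_off:
        choices:
        - enable
        - disable
        description:
        - Enable/disable turning off the FortiGuard antispam service.
        type: str
      antispam_license:
        description:
        - Interval of time between license checks for the FortiGuard antispam contract.
        type: int
      antispam_timeout:
        description:
        - Antispam query time out (1 - 30 sec).
        type: int
      auto_join_forticloud:
        choices:
        - enable
        - disable
        description:
        - Automatically connect to and login to FortiCloud.
        type: str
      ddns_server_ip:
        description:
        - IP address of the FortiDDNS server.
        type: str
      ddns_server_port:
        description:
        - Port used to communicate with FortiDDNS servers.
        type: int
      load_balance_servers:
        description:
        - Number of servers to alternate between as first FortiGuard option.
        type: int
      outbreak_prevention_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard Virus Outbreak Prevention cache.
        type: str
      outbreak_prevention_cache_mpercent:
        description:
        - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use
          (1 - 15%).
        type: int
      outbreak_prevention_cache_ttl:
        description:
        - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400
          sec).
        type: int
      outbreak_prevention_expiration:
        description:
        - Expiration date of FortiGuard Virus Outbreak Prevention contract.
        type: int
      # Inverted switch: "enable" turns Virus Outbreak Prevention off.
      outbreak_prevention_force_off:
        choices:
        - enable
        - disable
        description:
        - Turn off FortiGuard Virus Outbreak Prevention service.
        type: str
      outbreak_prevention_license:
        description:
        - Interval of time between license checks for FortiGuard Virus Outbreak Prevention
          contract.
        type: int
      outbreak_prevention_timeout:
        description:
        - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec).
        type: int
      # Choices are quoted so they parse as strings and agree with type: str.
      port:
        choices:
        - '53'
        - '8888'
        - '80'
        description:
        - Port used to communicate with the FortiGuard servers.
        type: str
      sdns_server_ip:
        description:
        - IP address of the FortiDNS server.
        type: str
      sdns_server_port:
        description:
        - Port used to communicate with FortiDNS servers.
        type: int
      service_account_id:
        description:
        - Service account ID.
        type: str
      source_ip:
        description:
        - Source IPv4 address used to communicate with FortiGuard.
        type: str
      source_ip6:
        description:
        - Source IPv6 address used to communicate with FortiGuard.
        type: str
      update_server_location:
        choices:
        - usa
        - any
        description:
        - Signature update server location.
        type: str
      webfilter_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard web filter caching.
        type: str
      webfilter_cache_ttl:
        description:
        - Time-to-live for web filter cache entries in seconds (300 - 86400).
        type: int
      webfilter_expiration:
        description:
        - Expiration date of the FortiGuard web filter contract.
        type: int
      # Inverted switch: "enable" turns the web filtering service off.
      webfilter_force_off:
        choices:
        - enable
        - disable
        description:
        - Enable/disable turning off the FortiGuard web filtering service.
        type: str
      webfilter_license:
        description:
        - Interval of time between license checks for the FortiGuard web filter contract.
        type: int
      webfilter_timeout:
        description:
        - Web filter query time out (1 - 30 sec).
        type: int
    type: dict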

Outputs

# Return values of the module. Every field is typed str, including the
# numeric-looking ones (build, http_status), so compare them against strings.
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
# The only field returned on success alone; the others are returned always.
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
# NOTE(review): the name/path samples (urlfilter, webfilter) look generic
# rather than specific to FortiGuard system settings - confirm against a run.
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  # Unquoted, but the multiple dots keep it a string rather than a number.
  sample: 17.0.2.10658
  type: str
# serial, version and build identify the device.
# NOTE(review): consider whether registered results carrying them belong in
# shared logs.
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str