community.general.fmgr_device_provision_template (0.1.1) — module

Manages Device Provisioning Templates in FortiManager.

Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  # Pin the collection to the exact release documented on this page so that
  # repeated installs resolve to the same code.
  collections:
    - name: 'community.general'
      version: '0.1.1'

Description

Allows the editing and assignment of device provisioning templates in FortiManager.

Usage examples

# Enable SNMP globally in the "default" provisioning template.
# NOTE(review): adom is listed as required under Inputs but is not passed
# here -- confirm which ADOM the module falls back to.
- name: SET SNMP SYSTEM INFO
  fmgr_device_provision_template:
    mode: 'set'
    provisioning_template: 'default'
    snmp_status: 'enable'
# Enable SNMP globally in the "default" provisioning template, scoped
# explicitly to the "ansible" ADOM.
- name: SET SNMP SYSTEM INFO ANSIBLE ADOM
  fmgr_device_provision_template:
    adom: 'ansible'
    mode: 'set'
    provisioning_template: 'default'
    snmp_status: 'enable'
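# Define an SNMP v2c community on the "ansibleTest" provisioning template.
# SNMP v2c sends the community name in cleartext and offers no encryption, so
# keep the query and trap host lists as narrow as possible and prefer the
# SNMPv3 options with auth-priv where the environment allows it.
- name: SET SNMP SYSTEM INFO different template (SNMPv2)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    # Conventional SNMP ports: 161 for queries, 162 for traps.
    snmp_v2c_query_port: "161"
    snmp_v2c_trap_port: "162"
    snmp_v2c_status: "enable"
    snmp_v2c_trap_status: "enable"
    snmp_v2c_query_status: "enable"
    snmp_v2c_name: "ansibleV2c"
    # Primary key of the community; must be unique.
    snmp_v2c_id: "1"
    snmp_v2c_trap_src_ipv4: "10.7.220.41"
    # Each entry is "<address> <mask>"; entries are comma separated.
    snmp_v2c_trap_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255"
    snmp_v2c_query_hosts_ipv4: "10.7.220.59 255.255.255.255, 10.7.220.0 255.255.255.0"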
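# Create an SNMPv3 user with authentication and privacy on "ansibleTest".
# vault_snmpv3_auth_pwd and vault_snmpv3_priv_pwd are constructed placeholder
# variable names: keep the real values in Ansible Vault (or another secret
# store) instead of inline, and use different secrets for auth and priv.
- name: SET SNMP SYSTEM INFO different template (SNMPv3)
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    snmp_status: "enable"
    mode: "set"
    adom: "ansible"
    snmpv3_auth_proto: "sha"
    snmpv3_auth_pwd: "{{ vault_snmpv3_auth_pwd }}"
    snmpv3_name: "ansibleSNMPv3"
    snmpv3_notify_hosts: "10.7.220.59,10.7.220.60"
    snmpv3_priv_proto: "aes256"
    snmpv3_priv_pwd: "{{ vault_snmpv3_priv_pwd }}"
    snmpv3_queries: "enable"
    snmpv3_query_port: "161"
    # Must be one of the documented choices: no-auth-no-priv, auth-no-priv,
    # auth-priv (hyphens, not underscores).
    snmpv3_security_level: "auth-priv"
    snmpv3_source_ip: "0.0.0.0"
    snmpv3_status: "enable"
    snmpv3_trap_rport: "162"
    snmpv3_trap_status: "enable"
  # Keep the passwords out of task output and logs.
  no_log: true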
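# Point the template's remote syslog at 10.7.220.59 on port 514 and log at
# the "information" level.
- name: SET SYSLOG INFO
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    syslog_server: "10.7.220.59"
    syslog_port: "514"
    # syslog_mode accepts udp, legacy-reliable or reliable; udp is the
    # documented default. UDP syslog is sent unencrypted -- for TLS use
    # "reliable" together with syslog_enc_algorithm.
    syslog_mode: "udp"
    syslog_status: "enable"
    syslog_filter: "information"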
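# Sync time from the FortiGuard NTP servers every 60 minutes.
- name: SET NTP TO FORTIGUARD
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    # The documented parameter is ntp_type (fortiguard or custom); a bare
    # "type" key is not among the module's inputs.
    ntp_type: "fortiguard"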
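# Sync time from two custom NTP servers with NTP authentication enabled.
# vault_ntp_auth_pwd is a constructed placeholder variable name: keep the real
# value in Ansible Vault (or another secret store) instead of inline.
- name: SET NTP TO CUSTOM SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    ntp_status: "enable"
    ntp_sync_interval: "60"
    ntp_type: "custom"
    # Comma separated IP addresses; only used when ntp_type is custom.
    ntp_server: "10.7.220.32,10.7.220.1"
    ntp_auth: "enable"
    ntp_auth_pwd: "{{ vault_ntp_auth_pwd }}"
    ntp_v3: "disable"
  # Keep the password out of task output and logs.
  no_log: true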
# Global admin settings for the "ansibleTest" template: admin GUI ports with
# HTTP redirected to HTTPS, a 30-minute admin timeout, GUI language and theme,
# the switch controller, and the FortiGuard / FortiAnalyzer targets.
- name: SET ADMIN GLOBAL SETTINGS
  fmgr_device_provision_template:
    adom: 'ansible'
    mode: 'set'
    provisioning_template: 'ansibleTest'
    # Admin GUI access
    admin_http_port: '8080'
    admin_https_port: '4433'
    admin_https_redirect: 'enable'
    admin_timeout: '30'
    # GUI appearance
    admin_gui_theme: 'blue'
    admin_language: 'english'
    admin_switch_controller: 'enable'
    # admin_fortiguard_target requires admin_enable_fortiguard to be "direct".
    admin_enable_fortiguard: 'direct'
    admin_fortiguard_target: '10.7.220.128'
    admin_fortianalyzer_target: '10.7.220.61'
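# Configure an authenticated SMTP relay over STARTTLS.
# vault_smtp_password is a constructed placeholder variable name: keep the
# real value in Ansible Vault (or another secret store) instead of inline.
- name: SET CUSTOM SMTP SERVER
  fmgr_device_provision_template:
    provisioning_template: "ansibleTest"
    mode: "set"
    adom: "ansible"
    smtp_username: "ansible"
    smtp_password: "{{ vault_smtp_password }}"
    smtp_port: "25"
    smtp_replyto: "ansible@do-not-reply.com"
    smtp_conn_sec: "starttls"
    smtp_server: "10.7.220.32"
    smtp_source_ipv4: "0.0.0.0"
    # With certificate checking disabled, STARTTLS does not authenticate the
    # server, which leaves the SMTP credentials open to interception. Disable
    # it only for a lab relay whose certificate cannot be validated.
    smtp_validate_cert: "enable"
  # Keep the password out of task output and logs.
  no_log: true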
# Set the local DNS suffix and the primary/secondary IPv4 DNS forwarders.
# NOTE(review): 8.8.8.8 is normally paired with 8.8.4.4; confirm that 4.4.4.4
# is the intended secondary forwarder and not a typo.
- name: SET DNS SERVERS
  fmgr_device_provision_template:
    adom: 'ansible'
    mode: 'set'
    provisioning_template: 'ansibleTest'
    dns_primary_ipv4: '8.8.8.8'
    dns_secondary_ipv4: '4.4.4.4'
    dns_suffix: 'ansible.local'
# Assign the "ansibleTest" template to devices by their FortiManager friendly
# names (comma separated list).
- name: SET PROVISIONING TEMPLATE DEVICE TARGETS IN FORTIMANAGER
  fmgr_device_provision_template:
    adom: 'ansible'
    mode: 'set'
    provisioning_template: 'ansibleTest'
    provision_targets: 'FGT1, FGT2'
# Delete the whole "ansibleTest" provisioning template from the "ansible"
# ADOM. When delete_provisioning_template is given, all other options are
# ignored, so double-check the template name before running.
- name: DELETE ENTIRE PROVISIONING TEMPLATE
  fmgr_device_provision_template:
    adom: 'ansible'
    mode: 'delete'
    delete_provisioning_template: 'ansibleTest'

Inputs

    
adom:
    description:
    - The ADOM the configuration should belong to.
    required: true

mode:
    choices:
    - add
    - set
    - delete
    - update
    default: add
    description:
    - Sets one of three modes for managing the object.
    - Allows use of soft-adds instead of overwriting existing values.
    required: false

ntp_v3:
    choices:
    - enable
    - disable
    description:
    - Enables or disables ntpv3 (default is ntpv4).
    required: false

ntp_auth:
    choices:
    - enable
    - disable
    description:
    - Enables or disables ntp authentication.
    required: false

ntp_type:
    choices:
    - fortiguard
    - custom
    description:
    - Enables fortiguard servers or custom servers as the ntp source.
    required: false

smtp_port:
    description:
    - SMTP port number.
    required: false

dns_suffix:
    description:
    - Sets the local dns domain suffix.
    required: false

ntp_server:
    description:
    - Only used with custom ntp_type -- specifies IP of server to sync to -- comma separated
      ip addresses for multiples.
    required: false

ntp_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables ntp.
    required: false

smtp_server:
    description:
    - SMTP server ipv4 address.
    required: false

snmp_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables SNMP globally.
    required: false

snmp_v2c_id:
    description:
    - Primary key for the snmp community. this must be unique!
    required: false

snmpv3_name:
    description:
    - SNMPv3 user name.
    required: false

syslog_mode:
    choices:
    - udp
    - legacy-reliable
    - reliable
    default: udp
    description:
    - Remote syslog logging over UDP/Reliable TCP.
    - choice | udp | Enable syslogging over UDP.
    - choice | legacy-reliable | Enable legacy reliable syslogging by RFC3195 (Reliable
      Delivery for Syslog).
    - choice | reliable | Enable reliable syslogging by RFC6587 (Transmission of Syslog
      Messages over TCP).
    required: false

syslog_port:
    description:
    - Syslog port that will be set.
    required: false

ntp_auth_pwd:
    description:
    - Sets the ntp auth password.
    required: false

smtp_replyto:
    description:
    - SMTP reply to address.
    required: false

admin_timeout:
    description:
    - Admin timeout in minutes.
    required: false

smtp_conn_sec:
    choices:
    - none
    - starttls
    - smtps
    description:
    - defines the ssl level for smtp.
    required: false

smtp_password:
    description:
    - SMTP password.
    required: false

smtp_username:
    description:
    - SMTP auth username.
    required: false

snmp_v2c_name:
    description:
    - Specifies the v2c community name.
    required: false

snmpv3_status:
    choices:
    - enable
    - disable
    description:
    - SNMPv3 user is enabled or disabled.
    required: false

syslog_filter:
    choices:
    - emergency
    - alert
    - critical
    - error
    - warning
    - notification
    - information
    - debug
    description:
    - Sets the logging level for syslog.
    required: false

syslog_server:
    description:
    - Server the syslogs will be sent to.
    required: false

syslog_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables syslogs.
    required: false

admin_language:
    choices:
    - english
    - simch
    - japanese
    - korean
    - spanish
    - trach
    - french
    - portuguese
    description:
    - Sets the admin gui language.
    required: false

snmpv3_queries:
    choices:
    - enable
    - disable
    description:
    - Allow snmpv3_queries.
    required: false

admin_gui_theme:
    choices:
    - green
    - red
    - blue
    - melongene
    - mariner
    description:
    - Changes the admin gui theme.
    required: false

admin_http_port:
    description:
    - Non-SSL admin gui port number.
    required: false

snmp_v2c_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables the v2c community specified.
    required: false

snmpv3_auth_pwd:
    description:
    - SNMPv3 auth password. Currently not encrypted! Ensure this file is locked down
      permissions-wise!
    required: false

snmpv3_priv_pwd:
    description:
    - SNMPv3 priv password. Currently not encrypted! Ensure this file is locked down
      permissions-wise!
    required: false

syslog_facility:
    choices:
    - kernel
    - user
    - mail
    - daemon
    - auth
    - syslog
    - lpr
    - news
    - uucp
    - cron
    - authpriv
    - ftp
    - ntp
    - audit
    - alert
    - clock
    - local0
    - local1
    - local2
    - local3
    - local4
    - local5
    - local6
    - local7
    default: syslog
    description:
    - Remote syslog facility.
    - choice | kernel | Kernel messages.
    - choice | user | Random user-level messages.
    - choice | mail | Mail system.
    - choice | daemon | System daemons.
    - choice | auth | Security/authorization messages.
    - choice | syslog | Messages generated internally by syslog.
    - choice | lpr | Line printer subsystem.
    - choice | news | Network news subsystem.
    - choice | uucp | Network news subsystem.
    - choice | cron | Clock daemon.
    - choice | authpriv | Security/authorization messages (private).
    - choice | ftp | FTP daemon.
    - choice | ntp | NTP daemon.
    - choice | audit | Log audit.
    - choice | alert | Log alert.
    - choice | clock | Clock daemon.
    - choice | local0 | Reserved for local use.
    - choice | local1 | Reserved for local use.
    - choice | local2 | Reserved for local use.
    - choice | local3 | Reserved for local use.
    - choice | local4 | Reserved for local use.
    - choice | local5 | Reserved for local use.
    - choice | local6 | Reserved for local use.
    - choice | local7 | Reserved for local use.
    required: false

admin_https_port:
    description:
    - SSL admin gui port number.
    required: false

dns_primary_ipv4:
    description:
    - primary ipv4 dns forwarder.
    required: false

smtp_source_ipv4:
    description:
    - SMTP source ip address.
    required: false

snmpv3_source_ip:
    description:
    - SNMPv3 source ipv4 address for traps.
    required: false

ntp_sync_interval:
    description:
    - Sets the interval in minutes for ntp sync.
    required: false

provision_targets:
    description:
    - The friendly names of devices in FortiManager to assign the provisioning template
      to. CSV separated list.
    required: true

snmpv3_auth_proto:
    choices:
    - md5
    - sha
    description:
    - SNMPv3 auth protocol.
    required: false

snmpv3_priv_proto:
    choices:
    - aes
    - des
    - aes256
    - aes256cisco
    description:
    - SNMPv3 priv protocol.
    required: false

snmpv3_query_port:
    description:
    - SNMPv3 query port.
    required: false

snmpv3_trap_rport:
    description:
    - SNMPv3 trap remote port.
    required: false

device_unique_name:
    description:
    - The unique device's name that you are editing.
    required: true

dns_secondary_ipv4:
    description:
    - secondary ipv4 dns forwarder.
    required: false

smtp_validate_cert:
    choices:
    - enable
    - disable
    description:
    - Enables or disables valid certificate checking for smtp.
    required: false

snmp_v2c_trap_port:
    description:
    - Sets the snmp v2c community trap port.
    required: false

snmpv3_trap_status:
    choices:
    - enable
    - disable
    description:
    - SNMPv3 traps is enabled or disabled.
    required: false

syslog_certificate:
    description:
    - Certificate used to communicate with Syslog server if encryption on.
    required: false

snmp_v2c_query_port:
    description:
    - Sets the snmp v2c community query port.
    required: false

snmpv3_notify_hosts:
    description:
    - List of ipv4 hosts to send snmpv3 traps to. Comma separated IPv4 list.
    required: false

admin_https_redirect:
    choices:
    - enable
    - disable
    description:
    - Enables or disables https redirect from http.
    required: false

snmp_v2c_trap_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables the v2c community specified for traps.
    required: false

syslog_enc_algorithm:
    choices:
    - high
    - low
    - disable
    - high-medium
    default: disable
    description:
    - Enable/disable reliable syslogging with TLS encryption.
    - choice | high | SSL communication with high encryption algorithms.
    - choice | low | SSL communication with low encryption algorithms.
    - choice | disable | Disable SSL communication.
    - choice | high-medium | SSL communication with high and medium encryption algorithms.
    required: false

provisioning_template:
    description:
    - The provisioning template you want to apply (default = default).
    required: true

snmp_v2c_query_status:
    choices:
    - enable
    - disable
    description:
    - Enables or disables the v2c community specified for queries.
    required: false

snmpv3_security_level:
    choices:
    - no-auth-no-priv
    - auth-no-priv
    - auth-priv
    description:
    - SNMPv3 security level.
    required: false

snmp_v2c_trap_src_ipv4:
    description:
    - Source ip the traps should come from IPv4.
    required: false

admin_enable_fortiguard:
    choices:
    - none
    - direct
    - this-fmg
    description:
    - Enables FortiGuard security updates to their default settings.
    required: false

admin_fortiguard_target:
    description:
    - Configures fortiguard target.
    - admin_enable_fortiguard must be set to "direct".
    required: false

admin_switch_controller:
    choices:
    - enable
    - disable
    description:
    - Enables or disables the switch controller.
    required: false

snmp_v2c_trap_hosts_ipv4:
    description:
    - IPv4 addresses of the hosts that should get SNMP v2c traps, comma separated, must
      include mask ("10.7.220.59 255.255.255.255, 10.7.220.60 255.255.255.255").
    required: false

snmp_v2c_query_hosts_ipv4:
    description:
    - IPv4 addresses or subnets that are allowed to query SNMP v2c, comma separated
      ("10.7.220.59 255.255.255.0, 10.7.220.0 255.255.255.0").
    required: false

admin_fortianalyzer_target:
    description:
    - Configures faz target.
    required: false

delete_provisioning_template:
    description:
    - If specified, all other options are ignored. The specified provisioning template
      will be deleted.
    required: false

Outputs

api_result:
  description: full API response, includes status code and message
  returned: always
  type: str