community.general.fmgr_fwobj_service (0.1.1) — module

Manages FortiManager Firewall Service Objects.

Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  # Exact version pin: every install resolves to the same collection release.
  collections:
    - name: 'community.general'
      version: '0.1.1'

Description

Manages FortiManager Firewall Service Objects.

Usage examples

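# Creates a custom service object with one destination port per protocol.
# No source port is given, so per the portrange syntax documented under
# Inputs, all source ports are assumed. mode is not set, so the documented
# default ("add") applies.
- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_service"
    object_type: "custom"
    # tcp_udp_sctp is the port-based service type; the three *_portrange keys
    # below carry the destination ports for each protocol.
    custom_type: "tcp_udp_sctp"
    tcp_portrange: "443"
    udp_portrange: "51"
    sctp_portrange: "100"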
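# Same port-based service type, now restricted by source port and with several
# comma-separated entries per protocol. Each entry is destPort:sourcePort.
- name: ADD A CUSTOM SERVICE FOR TCP/UDP/SCTP WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_serviceWithSource"
    object_type: "custom"
    custom_type: "tcp_udp_sctp"
    # Ranges are written low-high, as in the documented '443:1000-2000' form.
    # NOTE(review): a reversed range such as 2000-1000 may be rejected or may
    # not match as intended; confirm against FortiManager before relying on it.
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    udp_portrange: "51:100-200,162:200-400"
    sctp_portrange: "100:2000-2500"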
# Custom service matched on ICMP type and code instead of port ranges.
- name: 'ADD A CUSTOM SERVICE FOR ICMP'
  fmgr_fwobj_service:
    adom: 'ansible'
    name: 'ansible_custom_icmp'
    object_type: 'custom'
    custom_type: 'icmp'
    # Values are quoted so they reach the module as strings.
    icmp_type: '8'
    icmp_code: '3'
# ICMPv6 variant: same icmp_type / icmp_code options, custom_type set to icmp6.
- name: 'ADD A CUSTOM SERVICE FOR ICMP6'
  fmgr_fwobj_service:
    adom: 'ansible'
    name: 'ansible_custom_icmp6'
    object_type: 'custom'
    custom_type: 'icmp6'
    # Values are quoted so they reach the module as strings.
    icmp_type: '5'
    icmp_code: '1'
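# Custom service keyed on an IP protocol number instead of ports;
# protocol 47 is GRE.
- name: ADD A CUSTOM SERVICE FOR IP - GRE
  fmgr_fwobj_service:
    adom: "ansible"
    # Constructed sample name. A distinct name keeps this object from colliding
    # with the "ansible_custom_icmp6" object created by the ICMP6 example.
    name: "ansible_custom_ip_gre"
    object_type: "custom"
    custom_type: "ip"
    protocol_number: "47"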
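# Explicit web proxy service of type "all", restricted by TCP destination and
# source ports. Each tcp_portrange entry is destPort:sourcePort.
- name: ADD A CUSTOM PROXY FOR ALL WITH SOURCE RANGES AND MULTIPLES
  fmgr_fwobj_service:
    adom: "ansible"
    name: "ansible_custom_proxy_all"
    object_type: "custom"
    custom_type: "all"
    explicit_proxy: "enable"
    # Ranges are written low-high, as in the documented '443:1000-2000' form.
    # NOTE(review): a reversed range such as 2000-1000 may be rejected or may
    # not match as intended; confirm against FortiManager before relying on it.
    tcp_portrange: "443:1000-2000,80-82:10000-20000"
    # NOTE(review): iprange is documented as "Start IP-End IP" and a separate
    # fqdn option exists; confirm that a hostname is accepted here.
    iprange: "www.ansible.com"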

Inputs

    
adom:
    default: root
    description:
    - The ADOM the configuration should belong to.
    required: false

fqdn:
    default: ''
    description:
    - Fully qualified domain name.
    required: false

mode:
    choices:
    - add
    - set
    - delete
    default: add
    description:
    - Sets one of three modes for managing the object.
    required: false

name:
    description:
    - Custom service name.
    required: false

color:
    default: 22
    description:
    - GUI icon color.
    required: false

comment:
    description:
    - Comment.
    required: false

iprange:
    default: 0.0.0.0
    description:
    - Start IP-End IP.
    required: false

category:
    description:
    - Service category.
    required: false

protocol:
    description:
    - Protocol type.
    required: false

icmp_code:
    description:
    - ICMP code.
    required: false

icmp_type:
    description:
    - ICMP type.
    required: false

group_name:
    description:
    - Name of the Service Group.
    required: false

visibility:
    choices:
    - enable
    - disable
    default: enable
    description:
    - Enable/disable service visibility.
    required: false

application:
    description:
    - Application ID.
    required: false

custom_type:
    choices:
    - tcp_udp_sctp
    - icmp
    - icmp6
    - ip
    - http
    - ftp
    - connect
    - socks_tcp
    - socks_udp
    - all
    default: all
    description:
    - Tells module what kind of custom service to be added.
    required: false

object_type:
    choices:
    - custom
    - group
    - category
    description:
    - Tells module if we are adding a custom service, category, or group.
    required: false

session_ttl:
    default: 0
    description:
    - Session TTL (300 - 604800, 0 = default).
    required: false

app_category:
    description:
    - Application category ID.
    required: false

group_member:
    description:
    - Comma-separated list of members' names.
    required: false

tcp_portrange:
    description:
    - Comma separated list of destination ports to add (e.g. '443,80').
    - Syntax is <destPort:sourcePort>
    - If no sourcePort is defined, all source ports are assumed.
    - Ranges can be defined with a hyphen -
    - Examples -- '443' (destPort 443 only)  '443:1000-2000' (destPort 443 from source
      ports 1000-2000).
    - Put multiple entries in the same quoted string, comma separated. ('443:1000-2000, 80:1000-2000').
    required: false

udp_portrange:
    description:
    - Comma separated list of destination ports to add (e.g. '443,80').
    - Syntax is <destPort:sourcePort>
    - If no sourcePort is defined, all source ports are assumed.
    - Ranges can be defined with a hyphen -
    - Examples -- '443' (destPort 443 only)  '443:1000-2000' (destPort 443 from source
      ports 1000-2000).
    - Put multiple entries in the same quoted string, comma separated. ('443:1000-2000, 80:1000-2000').
    required: false

explicit_proxy:
    choices:
    - enable
    - disable
    default: disable
    description:
    - Enable/disable explicit web proxy service.
    required: false

sctp_portrange:
    description:
    - Multiple SCTP port ranges. Comma separated list of destination ports to add (e.g.
      '443,80').
    - Syntax is <destPort:sourcePort>
    - If no sourcePort is defined, all source ports are assumed.
    - Ranges can be defined with a hyphen -
    - Examples -- '443' (destPort 443 only)  '443:1000-2000' (destPort 443 from source
      ports 1000-2000).
    - Put multiple entries in the same quoted string, comma separated. ('443:1000-2000, 80:1000-2000').
    required: false

udp_idle_timer:
    default: 0
    description:
    - UDP idle timeout (0 - 86400 sec, 0 = default).
    required: false

protocol_number:
    description:
    - IP protocol number.
    required: false

app_service_type:
    description:
    - Application service type.
    required: false

check_reset_range:
    description:
    - Enable/disable RST check.
    required: false

tcp_halfopen_timer:
    default: 0
    description:
    - TCP half-open timeout (1 - 86400 sec, 0 = default).
    required: false

tcp_timewait_timer:
    default: 0
    description:
    - TCP TIME-WAIT timeout (1 - 300 sec, 0 = default).
    required: false

tcp_halfclose_timer:
    default: 0
    description:
    - TCP half close timeout (1 - 86400 sec, 0 = default).
    required: false

Outputs

api_result:
  description: full API response, includes status code and message
  returned: always
  type: str