Try SpotterManage proxy security profiles in FortiManager
Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Manage proxy security profiles for FortiGates via FortiManager using the FMG API with playbooks
- name: DELETE Profile
fmgr_secprof_proxy:
name: "Ansible_Web_Proxy_Profile"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_proxy:
name: "Ansible_Web_Proxy_Profile"
mode: "set"
header_client_ip: "pass"
header_front_end_https: "add"
header_via_request: "remove"
header_via_response: "pass"
header_x_authenticated_groups: "add"
header_x_authenticated_user: "remove"
strip_encoding: "enable"
log_header_change: "enable"
header_x_forwarded_for: "pass"
headers_action: "add-to-request"
headers_content: "test"
headers_name: "test_header"
adom:
default: root
description:
- The ADOM the configuration should belong to.
required: false
mode:
choices:
- add
- set
- delete
- update
default: add
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values
required: false
name:
description:
- Profile name.
required: false
headers:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
headers_name:
description:
- HTTP forwarded header name.
required: false
headers_action:
choices:
- add-to-request
- add-to-response
- remove-from-request
- remove-from-response
description:
- Action when HTTP the header forwarded.
- choice | add-to-request | Add the HTTP header to request.
- choice | add-to-response | Add the HTTP header to response.
- choice | remove-from-request | Remove the HTTP header from request.
- choice | remove-from-response | Remove the HTTP header from response.
required: false
strip_encoding:
choices:
- disable
- enable
description:
- Enable/disable stripping unsupported encoding from the request header.
- choice | disable | Disable stripping of unsupported encoding from the request header.
- choice | enable | Enable stripping of unsupported encoding from the request header.
required: false
headers_content:
description:
- HTTP header's content.
required: false
header_client_ip:
choices:
- pass
- add
- remove
description:
- Actions to take on the HTTP client-IP header in forwarded requests| forwards (pass),
adds, or removes the HTTP
- header.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
log_header_change:
choices:
- disable
- enable
description:
- Enable/disable logging HTTP header changes.
- choice | disable | Disable Enable/disable logging HTTP header changes.
- choice | enable | Enable Enable/disable logging HTTP header changes.
required: false
header_via_request:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP via header in forwarded requests| forwards (pass), adds,
or removes the HTTP header
- .
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
header_via_response:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP via header in forwarded responses| forwards (pass), adds,
or removes the HTTP heade
- r.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
header_front_end_https:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP front-end-HTTPS header in forwarded requests| forwards
(pass), adds, or removes the
- HTTP header.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
header_x_forwarded_for:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP x-forwarded-for header in forwarded requests| forwards
(pass), adds, or removes the
- HTTP header.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
header_x_authenticated_user:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP x-authenticated-user header in forwarded requests| forwards
(pass), adds, or remove
- s the HTTP header.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
header_x_authenticated_groups:
choices:
- pass
- add
- remove
description:
- Action to take on the HTTP x-authenticated-groups header in forwarded requests|
forwards (pass), adds, or remo
- ves the HTTP header.
- choice | pass | Forward the same HTTP header.
- choice | add | Add the HTTP header.
- choice | remove | Remove the HTTP header.
required: false
api_result: description: full API response, includes status code and message returned: always type: str