drmofu.fortimanager.fmgr_firewall_profileprotocoloptions (2.2.2) — module

Configure protocol options.

Added in version 2.0.0 of drmofu.fortimanager.

Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)

preview | supported by community

Install collection

Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2


Add to requirements.yml

  collections:
    - name: drmofu.fortimanager
      version: 2.2.2

Description

This module is able to configure a FortiManager device.

Examples include all parameters and values which need to be adjusted to data sources before usage.

Usage examples

 - hosts: fortimanager00
   collections:
     - fortinet.fortimanager
   connection: httpapi
   vars:
      ansible_httpapi_use_ssl: True
      ansible_httpapi_validate_certs: False
      ansible_httpapi_port: 443
   tasks:
    - name: Configure protocol options.
      fmgr_firewall_profileprotocoloptions:
         bypass_validation: False
         adom: ansible
         state: present
         firewall_profileprotocoloptions:
            comment: 'ansible-comment'
            name: 'ansible-test'
 - name: gathering fortimanager facts
   hosts: fortimanager00
   gather_facts: no
   connection: httpapi
   collections:
     - fortinet.fortimanager
   vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
   tasks:
    - name: retrieve all the profile protocol options
      fmgr_fact:
        facts:
            selector: 'firewall_profileprotocoloptions'
            params:
                adom: 'ansible'
                profile-protocol-options: 'your_value'
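
The following playbook is an added example, not part of the module's own documentation. It follows the layout of the examples above but keeps certificate validation enabled, authenticates with the access_token parameter, sets several of the per-protocol options listed under Inputs, and checks the rc value described under Outputs. The environment variable FMG_ACCESS_TOKEN, the variable fmg_access_token and all option values are assumptions chosen for illustration.

```yaml
# Added example: option values are illustrative, adjust them to your environment.
- name: Configure protocol options over a validated TLS connection
  hosts: fortimanager00
  gather_facts: false
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: true
    # Validation stays on; the control node must trust the FortiManager certificate.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
    # Assumption: the API token is exported on the control node as FMG_ACCESS_TOKEN,
    # so it never appears in the playbook or in version control.
    fmg_access_token: "{{ lookup('ansible.builtin.env', 'FMG_ACCESS_TOKEN') }}"
  tasks:
    - name: Create or update the protocol options profile
      fmgr_firewall_profileprotocoloptions:
        access_token: "{{ fmg_access_token }}"
        # Keep schema validation on so misspelled option names are rejected.
        bypass_validation: false
        adom: ansible
        state: present
        firewall_profileprotocoloptions:
          name: 'ansible-test'
          comment: 'ansible-comment'
          # Top-level logging switches from the Inputs list.
          oversize-log: enable
          switching-protocols-log: enable
          http:
            status: enable
            ports: 80
            scan-bzip2: enable
            # Block protocol switching and unknown encodings instead of bypassing the scan.
            switching-protocols: block
            unknown-content-encoding: block
          ftp:
            status: enable
            ports: 21
            scan-bzip2: enable
      register: result

    - name: Confirm the request was accepted
      ansible.builtin.assert:
        that:
          - result.rc == 0
```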

Inputs

    
adom:
    description: the parameter (adom) in requested url
    required: true
    type: str

state:
    choices:
    - present
    - absent
    description: The directive to create, update or delete an object.
    required: true
    type: str

rc_failed:
    description: The rc codes list with which the conditions to fail will be overridden.
    elements: int
    required: false
    type: list

enable_log:
    default: false
    description: Enable/Disable logging for task.
    required: false
    type: bool

access_token:
    description: The token to access FortiManager without using username and password.
    required: false
    type: str

rc_succeeded:
    description: The rc codes list with which the conditions to succeed will be overridden.
    elements: int
    required: false
    type: list

proposed_method:
    choices:
    - update
    - set
    - add
    description: The overridden method for the underlying Json RPC request.
    required: false
    type: str

bypass_validation:
    default: false
    description: Only set to True when the module schema differs from the FortiManager API
      structure; the module then continues to execute without validating parameters.
    required: false
    type: bool

workspace_locking_adom:
    description: The adom to lock for FortiManager running in workspace mode, the value
      can be global and others including root.
    required: false
    type: str

forticloud_access_token:
    description: Authenticate Ansible client with forticloud API access token.
    required: false
    type: str

workspace_locking_timeout:
    default: 300
    description: The maximum time in seconds to wait for another user to release the
      workspace lock.
    required: false
    type: int

firewall_profileprotocoloptions:
    description: the top level parameters set
    required: false
    suboptions:
      cifs:
        description: no description
        required: false
        suboptions:
          domain-controller:
            description: Domain for which to decrypt CIFS traffic.
            type: str
          file-filter:
            description: no description
            required: false
            suboptions:
              entries:
                description: Entries.
                elements: dict
                suboptions:
                  action:
                    choices:
                    - log
                    - block
                    description: Action taken for matched file.
                    type: str
                  comment:
                    description: Comment.
                    type: str
                  direction:
                    choices:
                    - any
                    - incoming
                    - outgoing
                    description: Match files transmitted in the sessions originating or
                      reply direction.
                    type: str
                  file-type:
                    description: Select file type.
                    type: str
                  filter:
                    description: Add a file filter.
                    type: str
                  protocol:
                    choices:
                    - cifs
                    description: Protocols to apply with.
                    elements: str
                    type: list
                type: list
              log:
                choices:
                - disable
                - enable
                description: Enable/disable file filter logging.
                type: str
              status:
                choices:
                - disable
                - enable
                description: Enable/disable file filter.
                type: str
            type: dict
          options:
            choices:
            - oversize
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          server-credential-type:
            choices:
            - none
            - credential-replication
            - credential-keytab
            description: CIFS server credential type.
            type: str
          server-keytab:
            description: Server-Keytab.
            elements: dict
            suboptions:
              keytab:
                description: Base64 encoded keytab file containing credential of the server.
                type: str
              password:
                description: Password for keytab.
                type: str
              principal:
                description: Service principal.
                type: str
            type: list
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          tcp-window-maximum:
            description: Maximum dynamic TCP window size
            type: int
          tcp-window-minimum:
            description: Minimum dynamic TCP window size
            type: int
          tcp-window-size:
            description: Set TCP static window size
            type: int
          tcp-window-type:
            choices:
            - system
            - static
            - dynamic
            - auto-tuning
            description: Specify type of TCP window to use for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      comment:
        description: Optional comments.
        type: str
      dns:
        description: no description
        required: false
        suboptions:
          ports:
            description: Ports to scan for content
            type: int
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
        type: dict
      feature-set:
        choices:
        - proxy
        - flow
        description: Flow/proxy feature set.
        type: str
      ftp:
        description: no description
        required: false
        suboptions:
          comfort-amount:
            description: Amount of data to send in a transmission for client comforting
            type: int
          comfort-interval:
            description: Period of time between start, or last transmission, and the next
              client comfort transmission of data
            type: int
          explicit-ftp-tls:
            choices:
            - disable
            - enable
            description: Enable/disable FTP redirection for explicit FTPS.
            type: str
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - clientcomfort
            - no-content-summary
            - oversize
            - splice
            - bypass-rest-command
            - bypass-mode-command
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          stream-based-uncompressed-limit:
            description: Maximum stream-based uncompressed data size that will be scanned
            type: int
          tcp-window-maximum:
            description: Maximum dynamic TCP window size.
            type: int
          tcp-window-minimum:
            description: Minimum dynamic TCP window size.
            type: int
          tcp-window-size:
            description: Set TCP static window size.
            type: int
          tcp-window-type:
            choices:
            - system
            - static
            - dynamic
            - auto-tuning
            description: TCP window type to use for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      http:
        description: no description
        required: false
        suboptions:
          address-ip-rating:
            choices:
            - disable
            - enable
            description: Enable/disable IP based URL rating.
            type: str
          block-page-status-code:
            description: Code number returned for blocked HTTP pages
            type: int
          comfort-amount:
            description: Amount of data to send in a transmission for client comforting
            type: int
          comfort-interval:
            description: Period of time between start, or last transmission, and the next
              client comfort transmission of data
            type: int
          fortinet-bar:
            choices:
            - disable
            - enable
            description: Enable/disable Fortinet bar on HTML content.
            type: str
          fortinet-bar-port:
            description: Port for use by Fortinet Bar
            type: int
          h2c:
            choices:
            - disable
            - enable
            description: Enable/disable h2c HTTP connection upgrade.
            type: str
          http-policy:
            choices:
            - disable
            - enable
            description: Enable/disable HTTP policy check.
            type: str
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - oversize
            - chunkedbypass
            - clientcomfort
            - no-content-summary
            - servercomfort
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          post-lang:
            choices:
            - jisx0201
            - jisx0208
            - jisx0212
            - gb2312
            - ksc5601-ex
            - euc-jp
            - sjis
            - iso2022-jp
            - iso2022-jp-1
            - iso2022-jp-2
            - euc-cn
            - ces-gbk
            - hz
            - ces-big5
            - euc-kr
            - iso2022-jp-3
            - iso8859-1
            - tis620
            - cp874
            - cp1252
            - cp1251
            description: ID codes for character sets to be used to convert to UTF-8 for
              banned words and DLP on HTTP posts
            elements: str
            type: list
          proxy-after-tcp-handshake:
            choices:
            - disable
            - enable
            description: Proxy traffic after the TCP 3-way handshake has been established
            type: str
          range-block:
            choices:
            - disable
            - enable
            description: Enable/disable blocking of partial downloads.
            type: str
          retry-count:
            description: Number of attempts to retry HTTP connection
            type: int
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          stream-based-uncompressed-limit:
            description: Maximum stream-based uncompressed data size that will be scanned
            type: int
          streaming-content-bypass:
            choices:
            - disable
            - enable
            description: Enable/disable bypassing of streaming content from buffering.
            type: str
          strip-x-forwarded-for:
            choices:
            - disable
            - enable
            description: Enable/disable stripping of HTTP X-Forwarded-For header.
            type: str
          switching-protocols:
            choices:
            - bypass
            - block
            description: Bypass from scanning, or block a connection that attempts to
              switch protocol.
            type: str
          tcp-window-maximum:
            description: Maximum dynamic TCP window size
            type: int
          tcp-window-minimum:
            description: Minimum dynamic TCP window size
            type: int
          tcp-window-size:
            description: Set TCP static window size
            type: int
          tcp-window-type:
            choices:
            - system
            - static
            - dynamic
            - auto-tuning
            description: Specify type of TCP window to use for this protocol.
            type: str
          tunnel-non-http:
            choices:
            - disable
            - enable
            description: Configure how to process non-HTTP traffic when a profile configured
              for HTTP traffic accepts a non-HTTP session.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
          unknown-content-encoding:
            choices:
            - block
            - inspect
            - bypass
            description: Configure the action the FortiGate unit will take on unknown
              content-encoding.
            type: str
          unknown-http-version:
            choices:
            - best-effort
            - reject
            - tunnel
            description: How to handle HTTP sessions that do not comply with HTTP 0.
            type: str
          verify-dns-for-policy-matching:
            choices:
            - disable
            - enable
            description: Enable/disable verification of DNS for policy matching.
            type: str
        type: dict
      imap:
        description: no description
        required: false
        suboptions:
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - oversize
            - fragmail
            - no-content-summary
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          proxy-after-tcp-handshake:
            choices:
            - disable
            - enable
            description: Proxy traffic after the TCP 3-way handshake has been established
            type: str
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      mail-signature:
        description: no description
        required: false
        suboptions:
          signature:
            description: Email signature to be added to outgoing email
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable adding an email signature to SMTP email messages
              as they pass through the FortiGate.
            type: str
        type: dict
      mapi:
        description: no description
        required: false
        suboptions:
          options:
            choices:
            - fragmail
            - oversize
            - no-content-summary
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      name:
        description: Name.
        type: str
      nntp:
        description: no description
        required: false
        suboptions:
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - oversize
            - no-content-summary
            - splice
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          proxy-after-tcp-handshake:
            choices:
            - disable
            - enable
            description: Proxy traffic after the TCP 3-way handshake has been established
            type: str
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      oversize-log:
        choices:
        - disable
        - enable
        description: Enable/disable logging for antivirus oversize file blocking.
        type: str
      pop3:
        description: no description
        required: false
        suboptions:
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - oversize
            - fragmail
            - no-content-summary
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          proxy-after-tcp-handshake:
            choices:
            - disable
            - enable
            description: Proxy traffic after the TCP 3-way handshake has been established
            type: str
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      replacemsg-group:
        description: Name of the replacement message group to be used
        type: str
      rpc-over-http:
        choices:
        - disable
        - enable
        description: Enable/disable inspection of RPC over HTTP.
        type: str
      smtp:
        description: no description
        required: false
        suboptions:
          inspect-all:
            choices:
            - disable
            - enable
            description: Enable/disable the inspection of all ports for the protocol.
            type: str
          options:
            choices:
            - oversize
            - fragmail
            - no-content-summary
            - splice
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          ports:
            description: Ports to scan for content
            type: int
          proxy-after-tcp-handshake:
            choices:
            - disable
            - enable
            description: Proxy traffic after the TCP 3-way handshake has been established
            type: str
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          server-busy:
            choices:
            - disable
            - enable
            description: Enable/disable SMTP server busy when server not available.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          status:
            choices:
            - disable
            - enable
            description: Enable/disable the active status of scanning for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      ssh:
        description: no description
        required: false
        suboptions:
          comfort-amount:
            description: Amount of data to send in a transmission for client comforting
            type: int
          comfort-interval:
            description: Period of time between start, or last transmission, and the next
              client comfort transmission of data
            type: int
          options:
            choices:
            - oversize
            - clientcomfort
            - servercomfort
            description: One or more options that can be applied to the session.
            elements: str
            type: list
          oversize-limit:
            description: Maximum in-memory file size that can be scanned
            type: int
          scan-bzip2:
            choices:
            - disable
            - enable
            description: Enable/disable scanning of BZip2 compressed files.
            type: str
          ssl-offloaded:
            choices:
            - 'no'
            - 'yes'
            description: SSL decryption and encryption performed by an external device.
            type: str
          stream-based-uncompressed-limit:
            description: Maximum stream-based uncompressed data size that will be scanned
            type: int
          tcp-window-maximum:
            description: Maximum dynamic TCP window size.
            type: int
          tcp-window-minimum:
            description: Minimum dynamic TCP window size.
            type: int
          tcp-window-size:
            description: Set TCP static window size.
            type: int
          tcp-window-type:
            choices:
            - system
            - static
            - dynamic
            - auto-tuning
            description: TCP window type to use for this protocol.
            type: str
          uncompressed-nest-limit:
            description: Maximum nested levels of compression that can be uncompressed
              and scanned
            type: int
          uncompressed-oversize-limit:
            description: Maximum in-memory uncompressed file size that can be scanned
            type: int
        type: dict
      switching-protocols-log:
        choices:
        - disable
        - enable
        description: Enable/disable logging for HTTP/HTTPS switching protocols.
        type: str
    type: dict

Outputs

meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by
    the current FortiManager version.
  returned: complex
  type: list