drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_firewall_profileprotocoloptions Configure protocol options. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_firewall_profileprotocoloptions (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00 collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure protocol options. fmgr_firewall_profileprotocoloptions: bypass_validation: False adom: ansible state: present firewall_profileprotocoloptions: comment: 'ansible-comment' name: 'ansible-test'
- name: gathering fortimanager facts hosts: fortimanager00 gather_facts: no connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: retrieve all the profile protocol options fmgr_fact: facts: selector: 'firewall_profileprotocoloptions' params: adom: 'ansible' profile-protocol-options: 'your_value'
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int firewall_profileprotocoloptions: description: the top level parameters set required: false suboptions: cifs: description: no description required: false suboptions: domain-controller: description: Domain for which to decrypt CIFS traffic. type: str file-filter: description: no description required: false suboptions: entries: description: Entries. elements: dict suboptions: action: choices: - log - block description: Action taken for matched file. type: str comment: description: Comment. type: str direction: choices: - any - incoming - outgoing description: Match files transmitted in the sessions originating or reply direction. type: str file-type: description: Select file type. type: str filter: description: Add a file filter. type: str protocol: choices: - cifs description: Protocols to apply with. elements: str type: list type: list log: choices: - disable - enable description: Enable/disable file filter logging. type: str status: choices: - disable - enable description: Enable/disable file filter. type: str type: dict options: choices: - oversize description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str server-credential-type: choices: - none - credential-replication - credential-keytab description: CIFS server credential type. type: str server-keytab: description: Server-Keytab. elements: dict suboptions: keytab: description: Base64 encoded keytab file containing credential of the server. type: str password: description: Password for keytab. type: str principal: description: Service principal. type: str type: list status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str tcp-window-maximum: description: Maximum dynamic TCP window size type: int tcp-window-minimum: description: Minimum dynamic TCP window size type: int tcp-window-size: description: Set TCP static window size type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Specify type of TCP window to use for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict comment: description: Optional comments. type: str dns: description: no description required: false suboptions: ports: description: Ports to scan for content type: int status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str type: dict feature-set: choices: - proxy - flow description: Flow/proxy feature set. type: str ftp: description: no description required: false suboptions: comfort-amount: description: Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Period of time between start, or last transmission, and the next client comfort transmission of data type: int explicit-ftp-tls: choices: - disable - enable description: Enable/disable FTP redirection for explicit FTPS. type: str inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - clientcomfort - no-content-summary - oversize - splice - bypass-rest-command - bypass-mode-command description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str stream-based-uncompressed-limit: description: Maximum stream-based uncompressed data size that will be scanned type: int tcp-window-maximum: description: Maximum dynamic TCP window size. type: int tcp-window-minimum: description: Minimum dynamic TCP window size. type: int tcp-window-size: description: Set TCP static window size. type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: TCP window type to use for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict http: description: no description required: false suboptions: address-ip-rating: choices: - disable - enable description: Enable/disable IP based URL rating. type: str block-page-status-code: description: Code number returned for blocked HTTP pages type: int comfort-amount: description: Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Period of time between start, or last transmission, and the next client comfort transmission of data type: int fortinet-bar: choices: - disable - enable description: Enable/disable Fortinet bar on HTML content. type: str fortinet-bar-port: description: Port for use by Fortinet Bar type: int h2c: choices: - disable - enable description: Enable/disable h2c HTTP connection upgrade. type: str http-policy: choices: - disable - enable description: Enable/disable HTTP policy check. type: str inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - chunkedbypass - clientcomfort - no-content-summary - servercomfort description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int post-lang: choices: - jisx0201 - jisx0208 - jisx0212 - gb2312 - ksc5601-ex - euc-jp - sjis - iso2022-jp - iso2022-jp-1 - iso2022-jp-2 - euc-cn - ces-gbk - hz - ces-big5 - euc-kr - iso2022-jp-3 - iso8859-1 - tis620 - cp874 - cp1252 - cp1251 description: ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts elements: str type: list proxy-after-tcp-handshake: choices: - disable - enable description: Proxy traffic after the TCP 3-way handshake has been established type: str range-block: choices: - disable - enable description: Enable/disable blocking of partial downloads. type: str retry-count: description: Number of attempts to retry HTTP connection type: int scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str stream-based-uncompressed-limit: description: Maximum stream-based uncompressed data size that will be scanned type: int streaming-content-bypass: choices: - disable - enable description: Enable/disable bypassing of streaming content from buffering. type: str strip-x-forwarded-for: choices: - disable - enable description: Enable/disable stripping of HTTP X-Forwarded-For header. type: str switching-protocols: choices: - bypass - block description: Bypass from scanning, or block a connection that attempts to switch protocol. type: str tcp-window-maximum: description: Maximum dynamic TCP window size type: int tcp-window-minimum: description: Minimum dynamic TCP window size type: int tcp-window-size: description: Set TCP static window size type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Specify type of TCP window to use for this protocol. type: str tunnel-non-http: choices: - disable - enable description: Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int unknown-content-encoding: choices: - block - inspect - bypass description: Configure the action the FortiGate unit will take on unknown content-encoding. type: str unknown-http-version: choices: - best-effort - reject - tunnel description: How to handle HTTP sessions that do not comply with HTTP 0. type: str verify-dns-for-policy-matching: choices: - disable - enable description: Enable/disable verification of DNS for policy matching. type: str type: dict imap: description: no description required: false suboptions: inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int proxy-after-tcp-handshake: choices: - disable - enable description: Proxy traffic after the TCP 3-way handshake has been established type: str scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict mail-signature: description: no description required: false suboptions: signature: description: Email signature to be added to outgoing email type: str status: choices: - disable - enable description: Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str type: dict mapi: description: no description required: false suboptions: options: choices: - fragmail - oversize - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict name: description: Name. type: str nntp: description: no description required: false suboptions: inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - no-content-summary - splice description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int proxy-after-tcp-handshake: choices: - disable - enable description: Proxy traffic after the TCP 3-way handshake has been established type: str scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict oversize-log: choices: - disable - enable description: Enable/disable logging for antivirus oversize file blocking. type: str pop3: description: no description required: false suboptions: inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int proxy-after-tcp-handshake: choices: - disable - enable description: Proxy traffic after the TCP 3-way handshake has been established type: str scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict replacemsg-group: description: Name of the replacement message group to be used type: str rpc-over-http: choices: - disable - enable description: Enable/disable inspection of RPC over HTTP. type: str smtp: description: no description required: false suboptions: inspect-all: choices: - disable - enable description: Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary - splice description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int ports: description: Ports to scan for content type: int proxy-after-tcp-handshake: choices: - disable - enable description: Proxy traffic after the TCP 3-way handshake has been established type: str scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str server-busy: choices: - disable - enable description: Enable/disable SMTP server busy when server not available. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict ssh: description: no description required: false suboptions: comfort-amount: description: Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Period of time between start, or last transmission, and the next client comfort transmission of data type: int options: choices: - oversize - clientcomfort - servercomfort description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Maximum in-memory file size that can be scanned type: int scan-bzip2: choices: - disable - enable description: Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: SSL decryption and encryption performed by an external device. type: str stream-based-uncompressed-limit: description: Maximum stream-based uncompressed data size that will be scanned type: int tcp-window-maximum: description: Maximum dynamic TCP window size. type: int tcp-window-minimum: description: Minimum dynamic TCP window size. type: int tcp-window-size: description: Set TCP static window size. type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: TCP window type to use for this protocol. type: str uncompressed-nest-limit: description: Maximum nested levels of compression that can be uncompressed and scanned type: int uncompressed-oversize-limit: description: Maximum in-memory uncompressed file size that can be scanned type: int type: dict switching-protocols-log: choices: - disable - enable description: Enable/disable logging for HTTP/HTTPS switching protocols. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list