Try SpotterConfigure IPv6 policies.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the IPv6 header policies
fmgr_fact:
facts:
selector: 'pkg_header_policy6'
params:
pkg: 'ansible'
policy6: 'your_value'
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 header policies.
fmgr_pkg_header_policy6:
bypass_validation: False
pkg: ansible
state: present
pkg_header_policy6:
action: accept #<value in [deny, accept, ipsec, ...]>
comments: ansible-comment
dstaddr: gall
dstintf: any
name: ansible-test2-header
policyid: 1073741827 # must larger than 2^30(1074741824), since header/footer policy is a special policy
schedule: galways
service: gALL
srcaddr: gall
srcintf: any
status: enable
pkg:
description: the parameter (pkg) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
pkg_header_policy6:
description: the top level parameters set
required: false
suboptions:
_policy_block:
description: Assigned policy block.
type: int
action:
choices:
- deny
- accept
- ipsec
- ssl-vpn
description: no description
type: str
anti-replay:
choices:
- disable
- enable
description: no description
type: str
app-category:
description: no description
type: str
app-group:
description: no description
type: str
application:
description: description
type: int
application-charts:
choices:
- top10-app
- top10-p2p-user
- top10-media-user
description: description
elements: str
type: list
application-list:
description: no description
type: str
auto-asic-offload:
choices:
- disable
- enable
description: no description
type: str
av-profile:
description: no description
type: str
casi-profile:
description: no description
type: str
cgn-log-server-grp:
description: NP log server group name
type: str
cifs-profile:
description: no description
type: str
comments:
description: no description
type: str
custom-log-fields:
description: no description
type: str
decrypted-traffic-mirror:
description: no description
type: str
deep-inspection-options:
description: no description
type: str
device-detection-portal:
choices:
- disable
- enable
description: no description
type: str
devices:
description: no description
type: str
diffserv-forward:
choices:
- disable
- enable
description: no description
type: str
diffserv-reverse:
choices:
- disable
- enable
description: no description
type: str
diffservcode-forward:
description: no description
type: str
diffservcode-rev:
description: no description
type: str
dlp-sensor:
description: no description
type: str
dnsfilter-profile:
description: no description
type: str
dscp-match:
choices:
- disable
- enable
description: no description
type: str
dscp-negate:
choices:
- disable
- enable
description: no description
type: str
dscp-value:
description: no description
type: str
dsri:
choices:
- disable
- enable
description: no description
type: str
dstaddr:
description: no description
type: str
dstaddr-negate:
choices:
- disable
- enable
description: no description
type: str
dstintf:
description: no description
type: str
dynamic-profile:
choices:
- disable
- enable
description: no description
type: str
dynamic-profile-access:
choices:
- imap
- smtp
- pop3
- http
- ftp
- im
- nntp
- imaps
- smtps
- pop3s
- https
- ftps
description: description
elements: str
type: list
dynamic-profile-group:
description: no description
type: str
email-collection-portal:
choices:
- disable
- enable
description: no description
type: str
emailfilter-profile:
description: no description
type: str
file-filter-profile:
description: no description
type: str
firewall-session-dirty:
choices:
- check-all
- check-new
description: no description
type: str
fixedport:
choices:
- disable
- enable
description: no description
type: str
fsae:
choices:
- disable
- enable
description: no description
type: str
fsso-groups:
description: no description
type: str
global-label:
description: no description
type: str
groups:
description: no description
type: str
http-policy-redirect:
choices:
- disable
- enable
description: no description
type: str
icap-profile:
description: no description
type: str
identity-based:
choices:
- disable
- enable
description: no description
type: str
identity-based-policy6:
description: description
elements: dict
suboptions:
action:
choices:
- deny
- accept
description: no description
type: str
application-list:
description: no description
type: str
av-profile:
description: no description
type: str
deep-inspection-options:
description: no description
type: str
devices:
description: no description
type: str
dlp-sensor:
description: no description
type: str
endpoint-compliance:
choices:
- disable
- enable
description: no description
type: str
groups:
description: no description
type: str
icap-profile:
description: no description
type: str
id:
description: no description
type: int
ips-sensor:
description: no description
type: str
logtraffic:
choices:
- disable
- enable
- all
- utm
description: no description
type: str
mms-profile:
description: no description
type: str
per-ip-shaper:
description: no description
type: str
profile-group:
description: no description
type: str
profile-protocol-options:
description: no description
type: str
profile-type:
choices:
- single
- group
description: no description
type: str
replacemsg-group:
description: no description
type: str
schedule:
description: no description
type: str
send-deny-packet:
choices:
- disable
- enable
description: no description
type: str
service:
description: no description
type: str
service-negate:
choices:
- disable
- enable
description: no description
type: str
spamfilter-profile:
description: no description
type: str
sslvpn-portal:
description: no description
type: str
sslvpn-realm:
description: no description
type: str
traffic-shaper:
description: no description
type: str
traffic-shaper-reverse:
description: no description
type: str
utm-status:
choices:
- disable
- enable
description: no description
type: str
voip-profile:
description: no description
type: str
webfilter-profile:
description: no description
type: str
type: list
identity-from:
choices:
- auth
- device
description: no description
type: str
inbound:
choices:
- disable
- enable
description: no description
type: str
inspection-mode:
choices:
- proxy
- flow
description: no description
type: str
ippool:
choices:
- disable
- enable
description: no description
type: str
ips-sensor:
description: no description
type: str
label:
description: no description
type: str
logtraffic:
choices:
- disable
- enable
- all
- utm
description: no description
type: str
logtraffic-start:
choices:
- disable
- enable
description: no description
type: str
mms-profile:
description: no description
type: str
name:
description: no description
type: str
nat:
choices:
- disable
- enable
description: no description
type: str
natinbound:
choices:
- disable
- enable
description: no description
type: str
natoutbound:
choices:
- disable
- enable
description: no description
type: str
np-accelation:
choices:
- disable
- enable
description: no description
type: str
np-acceleration:
choices:
- disable
- enable
description: no description
type: str
outbound:
choices:
- disable
- enable
description: no description
type: str
per-ip-shaper:
description: no description
type: str
policy-offload:
choices:
- disable
- enable
description: Enable/disable offloading policy configuration to CP processors.
type: str
policyid:
description: no description
type: int
poolname:
description: no description
type: str
profile-group:
description: no description
type: str
profile-protocol-options:
description: no description
type: str
profile-type:
choices:
- single
- group
description: no description
type: str
replacemsg-group:
description: no description
type: str
replacemsg-override-group:
description: no description
type: str
rsso:
choices:
- disable
- enable
description: no description
type: str
schedule:
description: no description
type: str
send-deny-packet:
choices:
- disable
- enable
description: no description
type: str
service:
description: no description
type: str
service-negate:
choices:
- disable
- enable
description: no description
type: str
session-ttl:
description: no description
type: int
spamfilter-profile:
description: no description
type: str
srcaddr:
description: no description
type: str
srcaddr-negate:
choices:
- disable
- enable
description: no description
type: str
srcintf:
description: no description
type: str
ssh-filter-profile:
description: no description
type: str
ssh-policy-redirect:
choices:
- disable
- enable
description: no description
type: str
ssl-mirror:
choices:
- disable
- enable
description: no description
type: str
ssl-mirror-intf:
description: no description
type: str
ssl-ssh-profile:
description: no description
type: str
sslvpn-auth:
choices:
- any
- local
- radius
- ldap
- tacacs+
description: no description
type: str
sslvpn-ccert:
choices:
- disable
- enable
description: no description
type: str
sslvpn-cipher:
choices:
- any
- high
- medium
description: no description
type: str
status:
choices:
- disable
- enable
description: no description
type: str
tags:
description: no description
type: str
tcp-mss-receiver:
description: no description
type: int
tcp-mss-sender:
description: no description
type: int
tcp-session-without-syn:
choices:
- all
- data-only
- disable
description: no description
type: str
timeout-send-rst:
choices:
- disable
- enable
description: no description
type: str
tos:
description: no description
type: str
tos-mask:
description: no description
type: str
tos-negate:
choices:
- disable
- enable
description: no description
type: str
traffic-shaper:
description: no description
type: str
traffic-shaper-reverse:
description: no description
type: str
url-category:
description: no description
type: str
users:
description: no description
type: str
utm-inspection-mode:
choices:
- proxy
- flow
description: no description
type: str
utm-status:
choices:
- disable
- enable
description: no description
type: str
uuid:
description: no description
type: str
vlan-cos-fwd:
description: no description
type: int
vlan-cos-rev:
description: no description
type: int
vlan-filter:
description: no description
type: str
voip-profile:
description: no description
type: str
vpntunnel:
description: no description
type: str
waf-profile:
description: no description
type: str
webcache:
choices:
- disable
- enable
description: no description
type: str
webcache-https:
choices:
- disable
- enable
description: no description
type: str
webfilter-profile:
description: no description
type: str
webproxy-forward-server:
description: no description
type: str
webproxy-profile:
description: no description
type: str
type: dict
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list