Try SpotterConfigure consolidated IPv4/IPv6 policies.
| "added in version" 2.2.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure consolidated IPv4/IPv6 policies.
fmgr_pm_config_pblock_firewall_consolidated_policy:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
pblock: <your own value>
state: <value in [present, absent]>
pm_config_pblock_firewall_consolidated_policy:
_policy_block: <value of integer>
action: <value in [deny, accept, ipsec]>
app-category: <value of string>
app-group: <value of string>
application: <value of integer>
application-list: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
captive-portal-exempt: <value in [disable, enable]>
cifs-profile: <value of string>
comments: <value of string>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstaddr4: <value of string>
dstaddr6: <value of string>
dstintf: <value of string>
emailfilter-profile: <value of string>
fixedport: <value in [disable, enable]>
fsso-groups: <value of string>
global-label: <value of string>
groups: <value of string>
http-policy-redirect: <value in [disable, enable]>
icap-profile: <value of string>
inbound: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow]>
internet-service: <value in [disable, enable]>
internet-service-custom: <value of string>
internet-service-custom-group: <value of string>
internet-service-group: <value of string>
internet-service-id: <value of string>
internet-service-negate: <value in [disable, enable]>
internet-service-src: <value in [disable, enable]>
internet-service-src-custom: <value of string>
internet-service-src-custom-group: <value of string>
internet-service-src-group: <value of string>
internet-service-src-id: <value of string>
internet-service-src-negate: <value in [disable, enable]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
logtraffic: <value in [disable, all, utm]>
logtraffic-start: <value in [disable, enable]>
mms-profile: <value of string>
name: <value of string>
nat: <value in [disable, enable]>
outbound: <value in [disable, enable]>
per-ip-shaper: <value of string>
policyid: <value of integer>
poolname4: <value of string>
poolname6: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
schedule: <value of string>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of integer>
srcaddr-negate: <value in [disable, enable]>
srcaddr4: <value of string>
srcaddr6: <value of string>
srcintf: <value of string>
ssh-filter-profile: <value of string>
ssh-policy-redirect: <value in [disable, enable]>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
url-category: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
voip-profile: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
wanopt: <value in [disable, enable]>
wanopt-detection: <value in [active, passive, off]>
wanopt-passive-opt: <value in [default, transparent, non-transparent]>
wanopt-peer: <value of string>
wanopt-profile: <value of string>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, enable]>
webfilter-profile: <value of string>
webproxy-forward-server: <value of string>
webproxy-profile: <value of string>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
pblock:
description: the parameter (pblock) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
pm_config_pblock_firewall_consolidated_policy:
description: the top level parameters set
required: false
suboptions:
_policy_block:
description: Assigned policy block.
type: int
action:
choices:
- deny
- accept
- ipsec
description: Policy action
type: str
app-category:
description: description
type: str
app-group:
description: description
type: str
application:
description: description
type: int
application-list:
description: Name of an existing Application list.
type: str
auto-asic-offload:
choices:
- disable
- enable
description: Enable/disable policy traffic ASIC offloading.
type: str
av-profile:
description: Name of an existing Antivirus profile.
type: str
captive-portal-exempt:
choices:
- disable
- enable
description: Enable exemption of some users from the captive portal.
type: str
cifs-profile:
description: Name of an existing CIFS profile.
type: str
comments:
description: Comment.
type: str
diffserv-forward:
choices:
- disable
- enable
description: Enable to change packets DiffServ values to the specified diffservcode-forward
value.
type: str
diffserv-reverse:
choices:
- disable
- enable
description: Enable to change packets reverse
type: str
diffservcode-forward:
description: Change packets DiffServ to this value.
type: str
diffservcode-rev:
description: Change packets reverse
type: str
dlp-sensor:
description: Name of an existing DLP sensor.
type: str
dnsfilter-profile:
description: Name of an existing DNS filter profile.
type: str
dstaddr-negate:
choices:
- disable
- enable
description: When enabled dstaddr specifies what the destination address must
NOT be.
type: str
dstaddr4:
description: description
type: str
dstaddr6:
description: description
type: str
dstintf:
description: description
type: str
emailfilter-profile:
description: Name of an existing email filter profile.
type: str
fixedport:
choices:
- disable
- enable
description: Enable to prevent source NAT from changing a sessions source port.
type: str
fsso-groups:
description: description
type: str
global-label:
description: Label for the policy that appears when the GUI is in Global View
mode.
type: str
groups:
description: description
type: str
http-policy-redirect:
choices:
- disable
- enable
description: Redirect HTTP
type: str
icap-profile:
description: Name of an existing ICAP profile.
type: str
inbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
inspection-mode:
choices:
- proxy
- flow
description: Policy inspection mode
type: str
internet-service:
choices:
- disable
- enable
description: Enable/disable use of Internet Services for this policy.
type: str
internet-service-custom:
description: description
type: str
internet-service-custom-group:
description: description
type: str
internet-service-group:
description: description
type: str
internet-service-id:
description: description
type: str
internet-service-negate:
choices:
- disable
- enable
description: When enabled internet-service specifies what the service must NOT
be.
type: str
internet-service-src:
choices:
- disable
- enable
description: Enable/disable use of Internet Services in source for this policy.
type: str
internet-service-src-custom:
description: description
type: str
internet-service-src-custom-group:
description: description
type: str
internet-service-src-group:
description: description
type: str
internet-service-src-id:
description: description
type: str
internet-service-src-negate:
choices:
- disable
- enable
description: When enabled internet-service-src specifies what the service must
NOT be.
type: str
ippool:
choices:
- disable
- enable
description: Enable to use IP Pools for source NAT.
type: str
ips-sensor:
description: Name of an existing IPS sensor.
type: str
logtraffic:
choices:
- disable
- all
- utm
description: Enable or disable logging.
type: str
logtraffic-start:
choices:
- disable
- enable
description: Record logs when a session starts.
type: str
mms-profile:
description: Name of an existing MMS profile.
type: str
name:
description: Policy name.
type: str
nat:
choices:
- disable
- enable
description: Enable/disable source NAT.
type: str
outbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
per-ip-shaper:
description: Per-IP traffic shaper.
type: str
policyid:
description: Policy ID
type: int
poolname4:
description: description
type: str
poolname6:
description: description
type: str
profile-group:
description: Name of profile group.
type: str
profile-protocol-options:
description: Name of an existing Protocol options profile.
type: str
profile-type:
choices:
- single
- group
description: Determine whether the firewall policy allows security profile groups
or single profiles only.
type: str
schedule:
description: Schedule name.
type: str
service:
description: description
type: str
service-negate:
choices:
- disable
- enable
description: When enabled service specifies what the service must NOT be.
type: str
session-ttl:
description: TTL in seconds for sessions accepted by this policy
type: int
srcaddr-negate:
choices:
- disable
- enable
description: When enabled srcaddr specifies what the source address must NOT be.
type: str
srcaddr4:
description: description
type: str
srcaddr6:
description: description
type: str
srcintf:
description: description
type: str
ssh-filter-profile:
description: Name of an existing SSH filter profile.
type: str
ssh-policy-redirect:
choices:
- disable
- enable
description: Redirect SSH traffic to matching transparent proxy policy.
type: str
ssl-ssh-profile:
description: Name of an existing SSL SSH profile.
type: str
status:
choices:
- disable
- enable
description: Enable or disable this policy.
type: str
tcp-mss-receiver:
description: Receiver TCP maximum segment size
type: int
tcp-mss-sender:
description: Sender TCP maximum segment size
type: int
traffic-shaper:
description: Traffic shaper.
type: str
traffic-shaper-reverse:
description: Reverse traffic shaper.
type: str
url-category:
description: description
type: str
users:
description: description
type: str
utm-status:
choices:
- disable
- enable
description: Enable to add one or more security profiles
type: str
uuid:
description: Universally Unique Identifier
type: str
voip-profile:
description: Name of an existing VoIP profile.
type: str
vpntunnel:
description: Policy-based IPsec VPN
type: str
waf-profile:
description: Name of an existing Web application firewall profile.
type: str
wanopt:
choices:
- disable
- enable
description: Enable/disable WAN optimization.
type: str
wanopt-detection:
choices:
- active
- passive
- 'off'
description: WAN optimization auto-detection mode.
type: str
wanopt-passive-opt:
choices:
- default
- transparent
- non-transparent
description: WAN optimization passive mode options.
type: str
wanopt-peer:
description: WAN optimization peer.
type: str
wanopt-profile:
description: WAN optimization profile.
type: str
webcache:
choices:
- disable
- enable
description: Enable/disable web cache.
type: str
webcache-https:
choices:
- disable
- enable
description: Enable/disable web cache for HTTPS.
type: str
webfilter-profile:
description: Name of an existing Web filter profile.
type: str
webproxy-forward-server:
description: Webproxy forward server name.
type: str
webproxy-profile:
description: Webproxy profile name.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list