drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_pm_config_pblock_firewall_consolidated_policy Configure consolidated IPv4/IPv6 policies. | "added in version" 2.2.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_pm_config_pblock_firewall_consolidated_policy (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure consolidated IPv4/IPv6 policies. fmgr_pm_config_pblock_firewall_consolidated_policy: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> pblock: <your own value> state: <value in [present, absent]> pm_config_pblock_firewall_consolidated_policy: _policy_block: <value of integer> action: <value in [deny, accept, ipsec]> app-category: <value of string> app-group: <value of string> application: <value of integer> application-list: <value of string> auto-asic-offload: <value in [disable, enable]> av-profile: <value of string> captive-portal-exempt: <value in [disable, enable]> cifs-profile: <value of string> comments: <value of string> diffserv-forward: <value in [disable, enable]> diffserv-reverse: <value in [disable, enable]> diffservcode-forward: <value of string> diffservcode-rev: <value of string> dlp-sensor: <value of string> dnsfilter-profile: <value of string> dstaddr-negate: <value in [disable, enable]> dstaddr4: <value of string> dstaddr6: <value of string> dstintf: <value of string> emailfilter-profile: <value of string> fixedport: <value in [disable, enable]> fsso-groups: <value of string> global-label: <value of string> groups: <value of string> http-policy-redirect: <value in [disable, enable]> icap-profile: <value of string> inbound: <value in [disable, enable]> inspection-mode: <value in [proxy, flow]> internet-service: <value in [disable, enable]> internet-service-custom: <value of string> internet-service-custom-group: <value of string> internet-service-group: <value of string> internet-service-id: <value of string> internet-service-negate: <value in [disable, enable]> internet-service-src: <value in [disable, enable]> internet-service-src-custom: <value of string> internet-service-src-custom-group: <value of string> internet-service-src-group: <value of string> internet-service-src-id: <value of string> internet-service-src-negate: <value in [disable, enable]> ippool: <value in [disable, enable]> ips-sensor: <value of string> logtraffic: <value in [disable, all, utm]> logtraffic-start: <value in [disable, enable]> mms-profile: <value of string> name: <value of string> nat: <value in [disable, enable]> outbound: <value in [disable, enable]> per-ip-shaper: <value of string> policyid: <value of integer> poolname4: <value of string> poolname6: <value of string> profile-group: <value of string> profile-protocol-options: <value of string> profile-type: <value in [single, group]> schedule: <value of string> service: <value of string> service-negate: <value in [disable, enable]> session-ttl: <value of integer> srcaddr-negate: <value in [disable, enable]> srcaddr4: <value of string> srcaddr6: <value of string> srcintf: <value of string> ssh-filter-profile: <value of string> ssh-policy-redirect: <value in [disable, enable]> ssl-ssh-profile: <value of string> status: <value in [disable, enable]> tcp-mss-receiver: <value of integer> tcp-mss-sender: <value of integer> traffic-shaper: <value of string> traffic-shaper-reverse: <value of string> url-category: <value of string> users: <value of string> utm-status: <value in [disable, enable]> uuid: <value of string> voip-profile: <value of string> vpntunnel: <value of string> waf-profile: <value of string> wanopt: <value in [disable, enable]> wanopt-detection: <value in [active, passive, off]> wanopt-passive-opt: <value in [default, transparent, non-transparent]> wanopt-peer: <value of string> wanopt-profile: <value of string> webcache: <value in [disable, enable]> webcache-https: <value in [disable, enable]> webfilter-profile: <value of string> webproxy-forward-server: <value of string> webproxy-profile: <value of string>
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str pblock: description: the parameter (pblock) in requested url required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int pm_config_pblock_firewall_consolidated_policy: description: the top level parameters set required: false suboptions: _policy_block: description: Assigned policy block. type: int action: choices: - deny - accept - ipsec description: Policy action type: str app-category: description: description type: str app-group: description: description type: str application: description: description type: int application-list: description: Name of an existing Application list. type: str auto-asic-offload: choices: - disable - enable description: Enable/disable policy traffic ASIC offloading. type: str av-profile: description: Name of an existing Antivirus profile. type: str captive-portal-exempt: choices: - disable - enable description: Enable exemption of some users from the captive portal. type: str cifs-profile: description: Name of an existing CIFS profile. type: str comments: description: Comment. type: str diffserv-forward: choices: - disable - enable description: Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str diffserv-reverse: choices: - disable - enable description: Enable to change packets reverse type: str diffservcode-forward: description: Change packets DiffServ to this value. type: str diffservcode-rev: description: Change packets reverse type: str dlp-sensor: description: Name of an existing DLP sensor. type: str dnsfilter-profile: description: Name of an existing DNS filter profile. type: str dstaddr-negate: choices: - disable - enable description: When enabled dstaddr specifies what the destination address must NOT be. type: str dstaddr4: description: description type: str dstaddr6: description: description type: str dstintf: description: description type: str emailfilter-profile: description: Name of an existing email filter profile. type: str fixedport: choices: - disable - enable description: Enable to prevent source NAT from changing a sessions source port. type: str fsso-groups: description: description type: str global-label: description: Label for the policy that appears when the GUI is in Global View mode. type: str groups: description: description type: str http-policy-redirect: choices: - disable - enable description: Redirect HTTP type: str icap-profile: description: Name of an existing ICAP profile. type: str inbound: choices: - disable - enable description: Policy-based IPsec VPN type: str inspection-mode: choices: - proxy - flow description: Policy inspection mode type: str internet-service: choices: - disable - enable description: Enable/disable use of Internet Services for this policy. type: str internet-service-custom: description: description type: str internet-service-custom-group: description: description type: str internet-service-group: description: description type: str internet-service-id: description: description type: str internet-service-negate: choices: - disable - enable description: When enabled internet-service specifies what the service must NOT be. type: str internet-service-src: choices: - disable - enable description: Enable/disable use of Internet Services in source for this policy. type: str internet-service-src-custom: description: description type: str internet-service-src-custom-group: description: description type: str internet-service-src-group: description: description type: str internet-service-src-id: description: description type: str internet-service-src-negate: choices: - disable - enable description: When enabled internet-service-src specifies what the service must NOT be. type: str ippool: choices: - disable - enable description: Enable to use IP Pools for source NAT. type: str ips-sensor: description: Name of an existing IPS sensor. type: str logtraffic: choices: - disable - all - utm description: Enable or disable logging. type: str logtraffic-start: choices: - disable - enable description: Record logs when a session starts. type: str mms-profile: description: Name of an existing MMS profile. type: str name: description: Policy name. type: str nat: choices: - disable - enable description: Enable/disable source NAT. type: str outbound: choices: - disable - enable description: Policy-based IPsec VPN type: str per-ip-shaper: description: Per-IP traffic shaper. type: str policyid: description: Policy ID type: int poolname4: description: description type: str poolname6: description: description type: str profile-group: description: Name of profile group. type: str profile-protocol-options: description: Name of an existing Protocol options profile. type: str profile-type: choices: - single - group description: Determine whether the firewall policy allows security profile groups or single profiles only. type: str schedule: description: Schedule name. type: str service: description: description type: str service-negate: choices: - disable - enable description: When enabled service specifies what the service must NOT be. type: str session-ttl: description: TTL in seconds for sessions accepted by this policy type: int srcaddr-negate: choices: - disable - enable description: When enabled srcaddr specifies what the source address must NOT be. type: str srcaddr4: description: description type: str srcaddr6: description: description type: str srcintf: description: description type: str ssh-filter-profile: description: Name of an existing SSH filter profile. type: str ssh-policy-redirect: choices: - disable - enable description: Redirect SSH traffic to matching transparent proxy policy. type: str ssl-ssh-profile: description: Name of an existing SSL SSH profile. type: str status: choices: - disable - enable description: Enable or disable this policy. type: str tcp-mss-receiver: description: Receiver TCP maximum segment size type: int tcp-mss-sender: description: Sender TCP maximum segment size type: int traffic-shaper: description: Traffic shaper. type: str traffic-shaper-reverse: description: Reverse traffic shaper. type: str url-category: description: description type: str users: description: description type: str utm-status: choices: - disable - enable description: Enable to add one or more security profiles type: str uuid: description: Universally Unique Identifier type: str voip-profile: description: Name of an existing VoIP profile. type: str vpntunnel: description: Policy-based IPsec VPN type: str waf-profile: description: Name of an existing Web application firewall profile. type: str wanopt: choices: - disable - enable description: Enable/disable WAN optimization. type: str wanopt-detection: choices: - active - passive - 'off' description: WAN optimization auto-detection mode. type: str wanopt-passive-opt: choices: - default - transparent - non-transparent description: WAN optimization passive mode options. type: str wanopt-peer: description: WAN optimization peer. type: str wanopt-profile: description: WAN optimization profile. type: str webcache: choices: - disable - enable description: Enable/disable web cache. type: str webcache-https: choices: - disable - enable description: Enable/disable web cache for HTTPS. type: str webfilter-profile: description: Name of an existing Web filter profile. type: str webproxy-forward-server: description: Webproxy forward server name. type: str webproxy-profile: description: Webproxy profile name. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list