Try SpotterConfigure IPv4/IPv6 policies.
| "added in version" 2.1.6 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure IPv4/IPv6 policies.
fmgr_pm_config_pblock_firewall_policy:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
pblock: <your own value>
state: <value in [present, absent]>
pm_config_pblock_firewall_policy:
_policy_block: <value of integer>
action: <value in [deny, accept, ipsec, ...]>
anti-replay: <value in [disable, enable]>
application-list: <value of string>
auth-cert: <value of string>
auth-path: <value in [disable, enable]>
auth-redirect-addr: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
block-notification: <value in [disable, enable]>
captive-portal-exempt: <value in [disable, enable]>
capture-packet: <value in [disable, enable]>
cifs-profile: <value of string>
comments: <value of string>
custom-log-fields: <value of string>
decrypted-traffic-mirror: <value of string>
delay-tcp-npu-session: <value in [disable, enable]>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
disclaimer: <value in [disable, enable, user, ...]>
dlp-profile: <value of string>
dnsfilter-profile: <value of string>
dsri: <value in [disable, enable]>
dstaddr: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstaddr6: <value of string>
dstintf: <value of string>
dynamic-shaping: <value in [disable, enable]>
email-collect: <value in [disable, enable]>
emailfilter-profile: <value of string>
fec: <value in [disable, enable]>
file-filter-profile: <value of string>
firewall-session-dirty: <value in [check-all, check-new]>
fixedport: <value in [disable, enable]>
fsso-agent-for-ntlm: <value of string>
fsso-groups: <value of string>
geoip-anycast: <value in [disable, enable]>
geoip-match: <value in [physical-location, registered-location]>
global-label: <value of string>
groups: <value of string>
gtp-profile: <value of string>
http-policy-redirect: <value in [disable, enable]>
icap-profile: <value of string>
identity-based-route: <value of string>
inbound: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow]>
internet-service: <value in [disable, enable]>
internet-service-custom: <value of string>
internet-service-custom-group: <value of string>
internet-service-group: <value of string>
internet-service-name: <value of string>
internet-service-negate: <value in [disable, enable]>
internet-service-src: <value in [disable, enable]>
internet-service-src-custom: <value of string>
internet-service-src-custom-group: <value of string>
internet-service-src-group: <value of string>
internet-service-src-name: <value of string>
internet-service-src-negate: <value in [disable, enable]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
label: <value of string>
logtraffic: <value in [disable, enable, all, ...]>
logtraffic-start: <value in [disable, enable]>
match-vip: <value in [disable, enable]>
match-vip-only: <value in [disable, enable]>
name: <value of string>
nat: <value in [disable, enable]>
nat46: <value in [disable, enable]>
nat64: <value in [disable, enable]>
natinbound: <value in [disable, enable]>
natip: <value of string>
natoutbound: <value in [disable, enable]>
np-acceleration: <value in [disable, enable]>
ntlm: <value in [disable, enable]>
ntlm-enabled-browsers: <value of string>
ntlm-guest: <value in [disable, enable]>
outbound: <value in [disable, enable]>
passive-wan-health-measurement: <value in [disable, enable]>
per-ip-shaper: <value of string>
permit-any-host: <value in [disable, enable]>
permit-stun-host: <value in [disable, enable]>
pfcp-profile: <value of string>
policy-expiry: <value in [disable, enable]>
policy-expiry-date: <value of string>
policyid: <value of integer>
poolname: <value of string>
poolname6: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
radius-mac-auth-bypass: <value in [disable, enable]>
redirect-url: <value of string>
replacemsg-override-group: <value of string>
reputation-direction: <value in [source, destination]>
reputation-minimum: <value of integer>
rtp-addr: <value of string>
rtp-nat: <value in [disable, enable]>
schedule: <value of string>
schedule-timeout: <value in [disable, enable]>
sctp-filter-profile: <value of string>
send-deny-packet: <value in [disable, enable]>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of integer>
sgt: <value of integer>
sgt-check: <value in [disable, enable]>
src-vendor-mac: <value of string>
srcaddr: <value of string>
srcaddr-negate: <value in [disable, enable]>
srcaddr6: <value of string>
srcintf: <value of string>
ssh-filter-profile: <value of string>
ssh-policy-redirect: <value in [disable, enable]>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
tcp-session-without-syn: <value in [all, data-only, disable]>
timeout-send-rst: <value in [disable, enable]>
tos: <value of string>
tos-mask: <value of string>
tos-negate: <value in [disable, enable]>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
videofilter-profile: <value of string>
vlan-cos-fwd: <value of integer>
vlan-cos-rev: <value of integer>
vlan-filter: <value of string>
voip-profile: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
wanopt: <value in [disable, enable]>
wanopt-detection: <value in [active, passive, off]>
wanopt-passive-opt: <value in [default, transparent, non-transparent]>
wanopt-peer: <value of string>
wanopt-profile: <value of string>
wccp: <value in [disable, enable]>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, ssl-server, any, ...]>
webfilter-profile: <value of string>
webproxy-forward-server: <value of string>
webproxy-profile: <value of string>
ztna-ems-tag: <value of string>
ztna-geo-tag: <value of string>
ztna-status: <value in [disable, enable]>
policy-offload: <value in [disable, enable]>
cgn-session-quota: <value of integer>
tcp-timeout-pid: <value of string>
udp-timeout-pid: <value of string>
dlp-sensor: <value of string>
cgn-eif: <value in [disable, enable]>
cgn-log-server-grp: <value of string>
cgn-resource-quota: <value of integer>
cgn-eim: <value in [disable, enable]>
mms-profile: <value of string>
app-category: <value of string>
internet-service-src-id: <value of string>
rsso: <value in [disable, enable]>
internet-service-id: <value of string>
best-route: <value in [disable, enable]>
fsso: <value in [disable, enable]>
url-category: <value of string>
app-group: <value of string>
ssl-mirror-intf: <value of string>
wsso: <value in [disable, enable]>
ssl-mirror: <value in [disable, enable]>
application: <value of integer>
dscp-negate: <value in [disable, enable]>
learning-mode: <value in [disable, enable]>
devices: <value of string>
dscp-value: <value of string>
spamfilter-profile: <value of string>
scan-botnet-connections: <value in [disable, block, monitor]>
dscp-match: <value in [disable, enable]>
diffserv-copy: <value in [disable, enable]>
dstaddr6-negate: <value in [disable, enable]>
internet-service6: <value in [disable, enable]>
internet-service6-custom: <value of string>
internet-service6-custom-group: <value of string>
internet-service6-group: <value of string>
internet-service6-name: <value of string>
internet-service6-negate: <value in [disable, enable]>
internet-service6-src: <value in [disable, enable]>
internet-service6-src-custom: <value of string>
internet-service6-src-custom-group: <value of string>
internet-service6-src-group: <value of string>
internet-service6-src-name: <value of string>
internet-service6-src-negate: <value in [disable, enable]>
network-service-dynamic: <value of string>
network-service-src-dynamic: <value of string>
reputation-direction6: <value in [source, destination]>
reputation-minimum6: <value of integer>
srcaddr6-negate: <value in [disable, enable]>
ip-version-type: <value of string>
ips-voip-filter: <value of string>
pcp-inbound: <value in [disable, enable]>
pcp-outbound: <value in [disable, enable]>
pcp-poolname: <value of string>
policy-behaviour-type: <value of string>
policy-expiry-date-utc: <value of string>
ztna-device-ownership: <value in [disable, enable]>
ztna-ems-tag-secondary: <value of string>
ztna-policy-redirect: <value in [disable, enable]>
ztna-tags-match-logic: <value in [or, and]>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
pblock:
description: the parameter (pblock) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
pm_config_pblock_firewall_policy:
description: the top level parameters set
required: false
suboptions:
_policy_block:
description: Assigned policy block.
type: int
action:
choices:
- deny
- accept
- ipsec
- ssl-vpn
- redirect
- isolate
description: Policy action
type: str
anti-replay:
choices:
- disable
- enable
description: Enable/disable anti-replay check.
type: str
app-category:
description: description
type: str
app-group:
description: description
type: str
application:
description: description
type: int
application-list:
description: Name of an existing Application list.
type: str
auth-cert:
description: HTTPS server certificate for policy authentication.
type: str
auth-path:
choices:
- disable
- enable
description: Enable/disable authentication-based routing.
type: str
auth-redirect-addr:
description: HTTP-to-HTTPS redirect address for firewall authentication.
type: str
auto-asic-offload:
choices:
- disable
- enable
description: Enable/disable policy traffic ASIC offloading.
type: str
av-profile:
description: Name of an existing Antivirus profile.
type: str
best-route:
choices:
- disable
- enable
description: no description
type: str
block-notification:
choices:
- disable
- enable
description: Enable/disable block notification.
type: str
captive-portal-exempt:
choices:
- disable
- enable
description: Enable to exempt some users from the captive portal.
type: str
capture-packet:
choices:
- disable
- enable
description: Enable/disable capture packets.
type: str
cgn-eif:
choices:
- disable
- enable
description: Enable/Disable CGN endpoint independent filtering.
type: str
cgn-eim:
choices:
- disable
- enable
description: Enable/Disable CGN endpoint independent mapping
type: str
cgn-log-server-grp:
description: NP log server group name
type: str
cgn-resource-quota:
description: resource quota
type: int
cgn-session-quota:
description: session quota
type: int
cifs-profile:
description: Name of an existing CIFS profile.
type: str
comments:
description: Comment.
type: str
custom-log-fields:
description: description
type: str
decrypted-traffic-mirror:
description: Decrypted traffic mirror.
type: str
delay-tcp-npu-session:
choices:
- disable
- enable
description: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
type: str
devices:
description: description
type: str
diffserv-copy:
choices:
- disable
- enable
description: Enable to copy packets DiffServ values from sessions original direction
to its reply direction.
type: str
diffserv-forward:
choices:
- disable
- enable
description: Enable to change packets DiffServ values to the specified diffservcode-forward
value.
type: str
diffserv-reverse:
choices:
- disable
- enable
description: Enable to change packets reverse
type: str
diffservcode-forward:
description: Change packets DiffServ to this value.
type: str
diffservcode-rev:
description: Change packets reverse
type: str
disclaimer:
choices:
- disable
- enable
- user
- domain
- policy
description: Enable/disable user authentication disclaimer.
type: str
dlp-profile:
description: Name of an existing DLP profile.
type: str
dlp-sensor:
description: Name of an existing DLP sensor.
type: str
dnsfilter-profile:
description: Name of an existing DNS filter profile.
type: str
dscp-match:
choices:
- disable
- enable
description: Enable DSCP check.
type: str
dscp-negate:
choices:
- disable
- enable
description: Enable negated DSCP match.
type: str
dscp-value:
description: DSCP value.
type: str
dsri:
choices:
- disable
- enable
description: Enable DSRI to ignore HTTP server responses.
type: str
dstaddr:
description: description
type: str
dstaddr-negate:
choices:
- disable
- enable
description: When enabled dstaddr/dstaddr6 specifies what the destination address
must NOT be.
type: str
dstaddr6:
description: description
type: str
dstaddr6-negate:
choices:
- disable
- enable
description: When enabled dstaddr6 specifies what the destination address must
NOT be.
type: str
dstintf:
description: description
type: str
dynamic-shaping:
choices:
- disable
- enable
description: Enable/disable dynamic RADIUS defined traffic shaping.
type: str
email-collect:
choices:
- disable
- enable
description: Enable/disable email collection.
type: str
emailfilter-profile:
description: Name of an existing email filter profile.
type: str
fec:
choices:
- disable
- enable
description: Enable/disable Forward Error Correction on traffic matching this
policy on a FEC device.
type: str
file-filter-profile:
description: Name of an existing file-filter profile.
type: str
firewall-session-dirty:
choices:
- check-all
- check-new
description: How to handle sessions if the configuration of this firewall policy
changes.
type: str
fixedport:
choices:
- disable
- enable
description: Enable to prevent source NAT from changing a sessions source port.
type: str
fsso:
choices:
- disable
- enable
description: Enable/disable Fortinet Single Sign-On.
type: str
fsso-agent-for-ntlm:
description: FSSO agent to use for NTLM authentication.
type: str
fsso-groups:
description: description
type: str
geoip-anycast:
choices:
- disable
- enable
description: Enable/disable recognition of anycast IP addresses using the geography
IP database.
type: str
geoip-match:
choices:
- physical-location
- registered-location
description: Match geography address based either on its physical location or
registered location.
type: str
global-label:
description: Label for the policy that appears when the GUI is in Global View
mode.
type: str
groups:
description: description
type: str
gtp-profile:
description: GTP profile.
type: str
http-policy-redirect:
choices:
- disable
- enable
description: Redirect HTTP
type: str
icap-profile:
description: Name of an existing ICAP profile.
type: str
identity-based-route:
description: Name of identity-based routing rule.
type: str
inbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
inspection-mode:
choices:
- proxy
- flow
description: Policy inspection mode
type: str
internet-service:
choices:
- disable
- enable
description: Enable/disable use of Internet Services for this policy.
type: str
internet-service-custom:
description: description
type: str
internet-service-custom-group:
description: description
type: str
internet-service-group:
description: description
type: str
internet-service-id:
description: description
type: str
internet-service-name:
description: description
type: str
internet-service-negate:
choices:
- disable
- enable
description: When enabled internet-service specifies what the service must NOT
be.
type: str
internet-service-src:
choices:
- disable
- enable
description: Enable/disable use of Internet Services in source for this policy.
type: str
internet-service-src-custom:
description: description
type: str
internet-service-src-custom-group:
description: description
type: str
internet-service-src-group:
description: description
type: str
internet-service-src-id:
description: description
type: str
internet-service-src-name:
description: description
type: str
internet-service-src-negate:
choices:
- disable
- enable
description: When enabled internet-service-src specifies what the service must
NOT be.
type: str
internet-service6:
choices:
- disable
- enable
description: Enable/disable use of IPv6 Internet Services for this policy.
type: str
internet-service6-custom:
description: description
type: str
internet-service6-custom-group:
description: description
type: str
internet-service6-group:
description: description
type: str
internet-service6-name:
description: description
type: str
internet-service6-negate:
choices:
- disable
- enable
description: When enabled internet-service6 specifies what the service must NOT
be.
type: str
internet-service6-src:
choices:
- disable
- enable
description: Enable/disable use of IPv6 Internet Services in source for this policy.
type: str
internet-service6-src-custom:
description: description
type: str
internet-service6-src-custom-group:
description: description
type: str
internet-service6-src-group:
description: description
type: str
internet-service6-src-name:
description: description
type: str
internet-service6-src-negate:
choices:
- disable
- enable
description: When enabled internet-service6-src specifies what the service must
NOT be.
type: str
ip-version-type:
description: IP version of the policy.
type: str
ippool:
choices:
- disable
- enable
description: Enable to use IP Pools for source NAT.
type: str
ips-sensor:
description: Name of an existing IPS sensor.
type: str
ips-voip-filter:
description: Name of an existing VoIP
type: str
label:
description: Label for the policy that appears when the GUI is in Section View
mode.
type: str
learning-mode:
choices:
- disable
- enable
description: Enable to allow everything, but log all of the meaningful data for
security information gathering.
type: str
logtraffic:
choices:
- disable
- enable
- all
- utm
description: Enable or disable logging.
type: str
logtraffic-start:
choices:
- disable
- enable
description: Record logs when a session starts.
type: str
match-vip:
choices:
- disable
- enable
description: Enable to match packets that have had their destination addresses
changed by a VIP.
type: str
match-vip-only:
choices:
- disable
- enable
description: Enable/disable matching of only those packets that have had their
destination addresses changed by a VIP.
type: str
mms-profile:
description: Name of an existing MMS profile.
type: str
name:
description: Policy name.
type: str
nat:
choices:
- disable
- enable
description: Enable/disable source NAT.
type: str
nat46:
choices:
- disable
- enable
description: Enable/disable NAT46.
type: str
nat64:
choices:
- disable
- enable
description: Enable/disable NAT64.
type: str
natinbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
natip:
description: Policy-based IPsec VPN
type: str
natoutbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
network-service-dynamic:
description: description
type: str
network-service-src-dynamic:
description: description
type: str
np-acceleration:
choices:
- disable
- enable
description: Enable/disable UTM Network Processor acceleration.
type: str
ntlm:
choices:
- disable
- enable
description: Enable/disable NTLM authentication.
type: str
ntlm-enabled-browsers:
description: description
type: str
ntlm-guest:
choices:
- disable
- enable
description: Enable/disable NTLM guest user access.
type: str
outbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
passive-wan-health-measurement:
choices:
- disable
- enable
description: Enable/disable passive WAN health measurement.
type: str
pcp-inbound:
choices:
- disable
- enable
description: Enable/disable PCP inbound DNAT.
type: str
pcp-outbound:
choices:
- disable
- enable
description: Enable/disable PCP outbound SNAT.
type: str
pcp-poolname:
description: description
type: str
per-ip-shaper:
description: Per-IP traffic shaper.
type: str
permit-any-host:
choices:
- disable
- enable
description: Accept UDP packets from any host.
type: str
permit-stun-host:
choices:
- disable
- enable
description: Accept UDP packets from any Session Traversal Utilities for NAT
type: str
pfcp-profile:
description: PFCP profile.
type: str
policy-behaviour-type:
description: Behaviour of the policy.
type: str
policy-expiry:
choices:
- disable
- enable
description: Enable/disable policy expiry.
type: str
policy-expiry-date:
description: Policy expiry date
type: str
policy-expiry-date-utc:
description: Policy expiry date and time, in epoch format.
type: str
policy-offload:
choices:
- disable
- enable
description: Enable/Disable hardware session setup for CGNAT.
type: str
policyid:
description: Policy ID
type: int
poolname:
description: description
type: str
poolname6:
description: description
type: str
profile-group:
description: Name of profile group.
type: str
profile-protocol-options:
description: Name of an existing Protocol options profile.
type: str
profile-type:
choices:
- single
- group
description: Determine whether the firewall policy allows security profile groups
or single profiles only.
type: str
radius-mac-auth-bypass:
choices:
- disable
- enable
description: Enable MAC authentication bypass.
type: str
redirect-url:
description: URL users are directed to after seeing and accepting the disclaimer
or authenticating.
type: str
replacemsg-override-group:
description: Override the default replacement message group for this policy.
type: str
reputation-direction:
choices:
- source
- destination
description: Direction of the initial traffic for reputation to take effect.
type: str
reputation-direction6:
choices:
- source
- destination
description: Direction of the initial traffic for IPv6 reputation to take effect.
type: str
reputation-minimum:
description: Minimum Reputation to take action.
type: int
reputation-minimum6:
description: IPv6 Minimum Reputation to take action.
type: int
rsso:
choices:
- disable
- enable
description: Enable/disable RADIUS single sign-on
type: str
rtp-addr:
description: description
type: str
rtp-nat:
choices:
- disable
- enable
description: Enable Real Time Protocol
type: str
scan-botnet-connections:
choices:
- disable
- block
- monitor
description: Block or monitor connections to Botnet servers or disable Botnet
scanning.
type: str
schedule:
description: Schedule name.
type: str
schedule-timeout:
choices:
- disable
- enable
description: Enable to force current sessions to end when the schedule object
times out.
type: str
sctp-filter-profile:
description: Name of an existing SCTP filter profile.
type: str
send-deny-packet:
choices:
- disable
- enable
description: Enable to send a reply when a session is denied or blocked by a firewall
policy.
type: str
service:
description: description
type: str
service-negate:
choices:
- disable
- enable
description: When enabled service specifies what the service must NOT be.
type: str
session-ttl:
description: TTL in seconds for sessions accepted by this policy
type: int
sgt:
description: description
type: int
sgt-check:
choices:
- disable
- enable
description: Enable/disable security group tags
type: str
spamfilter-profile:
description: Name of an existing Spam filter profile.
type: str
src-vendor-mac:
description: description
type: str
srcaddr:
description: description
type: str
srcaddr-negate:
choices:
- disable
- enable
description: When enabled srcaddr/srcaddr6 specifies what the source address must
NOT be.
type: str
srcaddr6:
description: description
type: str
srcaddr6-negate:
choices:
- disable
- enable
description: When enabled srcaddr6 specifies what the source address must NOT
be.
type: str
srcintf:
description: description
type: str
ssh-filter-profile:
description: Name of an existing SSH filter profile.
type: str
ssh-policy-redirect:
choices:
- disable
- enable
description: Redirect SSH traffic to matching transparent proxy policy.
type: str
ssl-mirror:
choices:
- disable
- enable
description: Enable to copy decrypted SSL traffic to a FortiGate interface
type: str
ssl-mirror-intf:
description: description
type: str
ssl-ssh-profile:
description: Name of an existing SSL SSH profile.
type: str
status:
choices:
- disable
- enable
description: Enable or disable this policy.
type: str
tcp-mss-receiver:
description: Receiver TCP maximum segment size
type: int
tcp-mss-sender:
description: Sender TCP maximum segment size
type: int
tcp-session-without-syn:
choices:
- all
- data-only
- disable
description: Enable/disable creation of TCP session without SYN flag.
type: str
tcp-timeout-pid:
description: TCP timeout profile ID
type: str
timeout-send-rst:
choices:
- disable
- enable
description: Enable/disable sending RST packets when TCP sessions expire.
type: str
tos:
description: ToS
type: str
tos-mask:
description: Non-zero bit positions are used for comparison while zero bit positions
are ignored.
type: str
tos-negate:
choices:
- disable
- enable
description: Enable negated TOS match.
type: str
traffic-shaper:
description: Traffic shaper.
type: str
traffic-shaper-reverse:
description: Reverse traffic shaper.
type: str
udp-timeout-pid:
description: UDP timeout profile ID
type: str
url-category:
description: description
type: str
users:
description: description
type: str
utm-status:
choices:
- disable
- enable
description: Enable to add one or more security profiles
type: str
uuid:
description: Universally Unique Identifier
type: str
videofilter-profile:
description: Name of an existing VideoFilter profile.
type: str
vlan-cos-fwd:
description: VLAN forward direction user priority
type: int
vlan-cos-rev:
description: VLAN reverse direction user priority
type: int
vlan-filter:
description: Set VLAN filters.
type: str
voip-profile:
description: Name of an existing VoIP profile.
type: str
vpntunnel:
description: Policy-based IPsec VPN
type: str
waf-profile:
description: Name of an existing Web application firewall profile.
type: str
wanopt:
choices:
- disable
- enable
description: Enable/disable WAN optimization.
type: str
wanopt-detection:
choices:
- active
- passive
- 'off'
description: WAN optimization auto-detection mode.
type: str
wanopt-passive-opt:
choices:
- default
- transparent
- non-transparent
description: WAN optimization passive mode options.
type: str
wanopt-peer:
description: WAN optimization peer.
type: str
wanopt-profile:
description: WAN optimization profile.
type: str
wccp:
choices:
- disable
- enable
description: Enable/disable forwarding traffic matching this policy to a configured
WCCP server.
type: str
webcache:
choices:
- disable
- enable
description: Enable/disable web cache.
type: str
webcache-https:
choices:
- disable
- ssl-server
- any
- enable
description: Enable/disable web cache for HTTPS.
type: str
webfilter-profile:
description: Name of an existing Web filter profile.
type: str
webproxy-forward-server:
description: Webproxy forward server name.
type: str
webproxy-profile:
description: Webproxy profile name.
type: str
wsso:
choices:
- disable
- enable
description: Enable/disable WiFi Single Sign On
type: str
ztna-device-ownership:
choices:
- disable
- enable
description: Enable/disable zero trust device ownership.
type: str
ztna-ems-tag:
description: description
type: str
ztna-ems-tag-secondary:
description: description
type: str
ztna-geo-tag:
description: description
type: str
ztna-policy-redirect:
choices:
- disable
- enable
description: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
type: str
ztna-status:
choices:
- disable
- enable
description: Enable/disable zero trust access.
type: str
ztna-tags-match-logic:
choices:
- or
- and
description: ZTNA tag matching logic.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list