drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_pm_config_pblock_firewall_policy6 Configure IPv6 policies. | "added in version" 2.2.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_pm_config_pblock_firewall_policy6 (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure IPv6 policies. fmgr_pm_config_pblock_firewall_policy6: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> pblock: <your own value> state: <value in [present, absent]> pm_config_pblock_firewall_policy6: _policy_block: <value of integer> action: <value in [deny, accept, ipsec, ...]> anti-replay: <value in [disable, enable]> app-category: <value of string> app-group: <value of string> application: <value of integer> application-list: <value of string> auto-asic-offload: <value in [disable, enable]> av-profile: <value of string> cgn-log-server-grp: <value of string> cifs-profile: <value of string> comments: <value of string> custom-log-fields: <value of string> diffserv-forward: <value in [disable, enable]> diffserv-reverse: <value in [disable, enable]> diffservcode-forward: <value of string> diffservcode-rev: <value of string> dlp-sensor: <value of string> dnsfilter-profile: <value of string> dsri: <value in [disable, enable]> dstaddr: <value of string> dstaddr-negate: <value in [disable, enable]> dstintf: <value of string> emailfilter-profile: <value of string> firewall-session-dirty: <value in [check-all, check-new]> fixedport: <value in [disable, enable]> fsso-groups: <value of string> global-label: <value of string> groups: <value of string> http-policy-redirect: <value in [disable, enable]> icap-profile: <value of string> inbound: <value in [disable, enable]> inspection-mode: <value in [proxy, flow]> ippool: <value in [disable, enable]> ips-sensor: <value of string> label: <value of string> logtraffic: <value in [disable, enable, all, ...]> logtraffic-start: <value in [disable, enable]> mms-profile: <value of string> name: <value of string> nat: <value in [disable, enable]> natinbound: <value in [disable, enable]> natoutbound: <value in [disable, enable]> np-acceleration: <value in [disable, enable]> outbound: <value in [disable, enable]> per-ip-shaper: <value of string> policy-offload: <value in [disable, enable]> policyid: <value of integer> poolname: <value of string> profile-group: <value of string> profile-protocol-options: <value of string> profile-type: <value in [single, group]> replacemsg-override-group: <value of string> rsso: <value in [disable, enable]> schedule: <value of string> send-deny-packet: <value in [disable, enable]> service: <value of string> service-negate: <value in [disable, enable]> session-ttl: <value of string> srcaddr: <value of string> srcaddr-negate: <value in [disable, enable]> srcintf: <value of string> ssh-filter-profile: <value of string> ssh-policy-redirect: <value in [disable, enable]> ssl-mirror: <value in [disable, enable]> ssl-mirror-intf: <value of string> ssl-ssh-profile: <value of string> status: <value in [disable, enable]> tcp-mss-receiver: <value of integer> tcp-mss-sender: <value of integer> tcp-session-without-syn: <value in [all, data-only, disable]> timeout-send-rst: <value in [disable, enable]> tos: <value of string> tos-mask: <value of string> tos-negate: <value in [disable, enable]> traffic-shaper: <value of string> traffic-shaper-reverse: <value of string> url-category: <value of string> users: <value of string> utm-status: <value in [disable, enable]> uuid: <value of string> vlan-cos-fwd: <value of integer> vlan-cos-rev: <value of integer> vlan-filter: <value of string> voip-profile: <value of string> vpntunnel: <value of string> waf-profile: <value of string> webcache: <value in [disable, enable]> webcache-https: <value in [disable, enable]> webfilter-profile: <value of string> webproxy-forward-server: <value of string> webproxy-profile: <value of string> dscp-negate: <value in [disable, enable]> devices: <value of string> dscp-value: <value of string> spamfilter-profile: <value of string> dscp-match: <value in [disable, enable]>
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str pblock: description: the parameter (pblock) in requested url required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int pm_config_pblock_firewall_policy6: description: the top level parameters set required: false suboptions: _policy_block: description: Assigned policy block. type: int action: choices: - deny - accept - ipsec - ssl-vpn description: Policy action type: str anti-replay: choices: - disable - enable description: Enable/disable anti-replay check. type: str app-category: description: description type: str app-group: description: description type: str application: description: description type: int application-list: description: Name of an existing Application list. type: str auto-asic-offload: choices: - disable - enable description: Enable/disable policy traffic ASIC offloading. type: str av-profile: description: Name of an existing Antivirus profile. type: str cgn-log-server-grp: description: no description type: str cifs-profile: description: Name of an existing CIFS profile. type: str comments: description: Comment. type: str custom-log-fields: description: description type: str devices: description: description type: str diffserv-forward: choices: - disable - enable description: Enable to change packets DiffServ values to the specified diffservcode-forward value. type: str diffserv-reverse: choices: - disable - enable description: Enable to change packets reverse type: str diffservcode-forward: description: Change packets DiffServ to this value. type: str diffservcode-rev: description: Change packets reverse type: str dlp-sensor: description: Name of an existing DLP sensor. type: str dnsfilter-profile: description: Name of an existing DNS filter profile. type: str dscp-match: choices: - disable - enable description: Enable DSCP check. type: str dscp-negate: choices: - disable - enable description: Enable negated DSCP match. type: str dscp-value: description: DSCP value. type: str dsri: choices: - disable - enable description: Enable DSRI to ignore HTTP server responses. type: str dstaddr: description: description type: str dstaddr-negate: choices: - disable - enable description: When enabled dstaddr specifies what the destination address must NOT be. type: str dstintf: description: description type: str emailfilter-profile: description: Name of an existing email filter profile. type: str firewall-session-dirty: choices: - check-all - check-new description: How to handle sessions if the configuration of this firewall policy changes. type: str fixedport: choices: - disable - enable description: Enable to prevent source NAT from changing a sessions source port. type: str fsso-groups: description: description type: str global-label: description: Label for the policy that appears when the GUI is in Global View mode. type: str groups: description: description type: str http-policy-redirect: choices: - disable - enable description: Redirect HTTP type: str icap-profile: description: Name of an existing ICAP profile. type: str inbound: choices: - disable - enable description: Policy-based IPsec VPN type: str inspection-mode: choices: - proxy - flow description: Policy inspection mode type: str ippool: choices: - disable - enable description: Enable to use IP Pools for source NAT. type: str ips-sensor: description: Name of an existing IPS sensor. type: str label: description: Label for the policy that appears when the GUI is in Section View mode. type: str logtraffic: choices: - disable - enable - all - utm description: Enable or disable logging. type: str logtraffic-start: choices: - disable - enable description: Record logs when a session starts. type: str mms-profile: description: Name of an existing MMS profile. type: str name: description: Policy name. type: str nat: choices: - disable - enable description: Enable/disable source NAT. type: str natinbound: choices: - disable - enable description: Policy-based IPsec VPN type: str natoutbound: choices: - disable - enable description: Policy-based IPsec VPN type: str np-acceleration: choices: - disable - enable description: Enable/disable UTM Network Processor acceleration. type: str outbound: choices: - disable - enable description: Policy-based IPsec VPN type: str per-ip-shaper: description: Per-IP traffic shaper. type: str policy-offload: choices: - disable - enable description: no description type: str policyid: description: Policy ID type: int poolname: description: description type: str profile-group: description: Name of profile group. type: str profile-protocol-options: description: Name of an existing Protocol options profile. type: str profile-type: choices: - single - group description: Determine whether the firewall policy allows security profile groups or single profiles only. type: str replacemsg-override-group: description: Override the default replacement message group for this policy. type: str rsso: choices: - disable - enable description: Enable/disable RADIUS single sign-on type: str schedule: description: Schedule name. type: str send-deny-packet: choices: - disable - enable description: Enable/disable return of deny-packet. type: str service: description: description type: str service-negate: choices: - disable - enable description: When enabled service specifies what the service must NOT be. type: str session-ttl: description: Session TTL in seconds for sessions accepted by this policy. type: str spamfilter-profile: description: Name of an existing Spam filter profile. type: str srcaddr: description: description type: str srcaddr-negate: choices: - disable - enable description: When enabled srcaddr specifies what the source address must NOT be. type: str srcintf: description: description type: str ssh-filter-profile: description: Name of an existing SSH filter profile. type: str ssh-policy-redirect: choices: - disable - enable description: Redirect SSH traffic to matching transparent proxy policy. type: str ssl-mirror: choices: - disable - enable description: Enable to copy decrypted SSL traffic to a FortiGate interface type: str ssl-mirror-intf: description: description type: str ssl-ssh-profile: description: Name of an existing SSL SSH profile. type: str status: choices: - disable - enable description: Enable or disable this policy. type: str tcp-mss-receiver: description: Receiver TCP maximum segment size type: int tcp-mss-sender: description: Sender TCP maximum segment size type: int tcp-session-without-syn: choices: - all - data-only - disable description: Enable/disable creation of TCP session without SYN flag. type: str timeout-send-rst: choices: - disable - enable description: Enable/disable sending RST packets when TCP sessions expire. type: str tos: description: ToS type: str tos-mask: description: Non-zero bit positions are used for comparison while zero bit positions are ignored. type: str tos-negate: choices: - disable - enable description: Enable negated TOS match. type: str traffic-shaper: description: Reverse traffic shaper. type: str traffic-shaper-reverse: description: Reverse traffic shaper. type: str url-category: description: description type: str users: description: description type: str utm-status: choices: - disable - enable description: Enable AV/web/ips protection profile. type: str uuid: description: Universally Unique Identifier type: str vlan-cos-fwd: description: VLAN forward direction user priority type: int vlan-cos-rev: description: VLAN reverse direction user priority type: int vlan-filter: description: Set VLAN filters. type: str voip-profile: description: Name of an existing VoIP profile. type: str vpntunnel: description: Policy-based IPsec VPN type: str waf-profile: description: Name of an existing Web application firewall profile. type: str webcache: choices: - disable - enable description: Enable/disable web cache. type: str webcache-https: choices: - disable - enable description: Enable/disable web cache for HTTPS. type: str webfilter-profile: description: Name of an existing Web filter profile. type: str webproxy-forward-server: description: Web proxy forward server name. type: str webproxy-profile: description: Webproxy profile name. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list