Try SpotterConfigure IPv6 policies.
| "added in version" 2.2.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure IPv6 policies.
fmgr_pm_config_pblock_firewall_policy6:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
pblock: <your own value>
state: <value in [present, absent]>
pm_config_pblock_firewall_policy6:
_policy_block: <value of integer>
action: <value in [deny, accept, ipsec, ...]>
anti-replay: <value in [disable, enable]>
app-category: <value of string>
app-group: <value of string>
application: <value of integer>
application-list: <value of string>
auto-asic-offload: <value in [disable, enable]>
av-profile: <value of string>
cgn-log-server-grp: <value of string>
cifs-profile: <value of string>
comments: <value of string>
custom-log-fields: <value of string>
diffserv-forward: <value in [disable, enable]>
diffserv-reverse: <value in [disable, enable]>
diffservcode-forward: <value of string>
diffservcode-rev: <value of string>
dlp-sensor: <value of string>
dnsfilter-profile: <value of string>
dsri: <value in [disable, enable]>
dstaddr: <value of string>
dstaddr-negate: <value in [disable, enable]>
dstintf: <value of string>
emailfilter-profile: <value of string>
firewall-session-dirty: <value in [check-all, check-new]>
fixedport: <value in [disable, enable]>
fsso-groups: <value of string>
global-label: <value of string>
groups: <value of string>
http-policy-redirect: <value in [disable, enable]>
icap-profile: <value of string>
inbound: <value in [disable, enable]>
inspection-mode: <value in [proxy, flow]>
ippool: <value in [disable, enable]>
ips-sensor: <value of string>
label: <value of string>
logtraffic: <value in [disable, enable, all, ...]>
logtraffic-start: <value in [disable, enable]>
mms-profile: <value of string>
name: <value of string>
nat: <value in [disable, enable]>
natinbound: <value in [disable, enable]>
natoutbound: <value in [disable, enable]>
np-acceleration: <value in [disable, enable]>
outbound: <value in [disable, enable]>
per-ip-shaper: <value of string>
policy-offload: <value in [disable, enable]>
policyid: <value of integer>
poolname: <value of string>
profile-group: <value of string>
profile-protocol-options: <value of string>
profile-type: <value in [single, group]>
replacemsg-override-group: <value of string>
rsso: <value in [disable, enable]>
schedule: <value of string>
send-deny-packet: <value in [disable, enable]>
service: <value of string>
service-negate: <value in [disable, enable]>
session-ttl: <value of string>
srcaddr: <value of string>
srcaddr-negate: <value in [disable, enable]>
srcintf: <value of string>
ssh-filter-profile: <value of string>
ssh-policy-redirect: <value in [disable, enable]>
ssl-mirror: <value in [disable, enable]>
ssl-mirror-intf: <value of string>
ssl-ssh-profile: <value of string>
status: <value in [disable, enable]>
tcp-mss-receiver: <value of integer>
tcp-mss-sender: <value of integer>
tcp-session-without-syn: <value in [all, data-only, disable]>
timeout-send-rst: <value in [disable, enable]>
tos: <value of string>
tos-mask: <value of string>
tos-negate: <value in [disable, enable]>
traffic-shaper: <value of string>
traffic-shaper-reverse: <value of string>
url-category: <value of string>
users: <value of string>
utm-status: <value in [disable, enable]>
uuid: <value of string>
vlan-cos-fwd: <value of integer>
vlan-cos-rev: <value of integer>
vlan-filter: <value of string>
voip-profile: <value of string>
vpntunnel: <value of string>
waf-profile: <value of string>
webcache: <value in [disable, enable]>
webcache-https: <value in [disable, enable]>
webfilter-profile: <value of string>
webproxy-forward-server: <value of string>
webproxy-profile: <value of string>
dscp-negate: <value in [disable, enable]>
devices: <value of string>
dscp-value: <value of string>
spamfilter-profile: <value of string>
dscp-match: <value in [disable, enable]>
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
pblock:
description: the parameter (pblock) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
pm_config_pblock_firewall_policy6:
description: the top level parameters set
required: false
suboptions:
_policy_block:
description: Assigned policy block.
type: int
action:
choices:
- deny
- accept
- ipsec
- ssl-vpn
description: Policy action
type: str
anti-replay:
choices:
- disable
- enable
description: Enable/disable anti-replay check.
type: str
app-category:
description: description
type: str
app-group:
description: description
type: str
application:
description: description
type: int
application-list:
description: Name of an existing Application list.
type: str
auto-asic-offload:
choices:
- disable
- enable
description: Enable/disable policy traffic ASIC offloading.
type: str
av-profile:
description: Name of an existing Antivirus profile.
type: str
cgn-log-server-grp:
description: no description
type: str
cifs-profile:
description: Name of an existing CIFS profile.
type: str
comments:
description: Comment.
type: str
custom-log-fields:
description: description
type: str
devices:
description: description
type: str
diffserv-forward:
choices:
- disable
- enable
description: Enable to change packets DiffServ values to the specified diffservcode-forward
value.
type: str
diffserv-reverse:
choices:
- disable
- enable
description: Enable to change packets reverse
type: str
diffservcode-forward:
description: Change packets DiffServ to this value.
type: str
diffservcode-rev:
description: Change packets reverse
type: str
dlp-sensor:
description: Name of an existing DLP sensor.
type: str
dnsfilter-profile:
description: Name of an existing DNS filter profile.
type: str
dscp-match:
choices:
- disable
- enable
description: Enable DSCP check.
type: str
dscp-negate:
choices:
- disable
- enable
description: Enable negated DSCP match.
type: str
dscp-value:
description: DSCP value.
type: str
dsri:
choices:
- disable
- enable
description: Enable DSRI to ignore HTTP server responses.
type: str
dstaddr:
description: description
type: str
dstaddr-negate:
choices:
- disable
- enable
description: When enabled dstaddr specifies what the destination address must
NOT be.
type: str
dstintf:
description: description
type: str
emailfilter-profile:
description: Name of an existing email filter profile.
type: str
firewall-session-dirty:
choices:
- check-all
- check-new
description: How to handle sessions if the configuration of this firewall policy
changes.
type: str
fixedport:
choices:
- disable
- enable
description: Enable to prevent source NAT from changing a sessions source port.
type: str
fsso-groups:
description: description
type: str
global-label:
description: Label for the policy that appears when the GUI is in Global View
mode.
type: str
groups:
description: description
type: str
http-policy-redirect:
choices:
- disable
- enable
description: Redirect HTTP
type: str
icap-profile:
description: Name of an existing ICAP profile.
type: str
inbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
inspection-mode:
choices:
- proxy
- flow
description: Policy inspection mode
type: str
ippool:
choices:
- disable
- enable
description: Enable to use IP Pools for source NAT.
type: str
ips-sensor:
description: Name of an existing IPS sensor.
type: str
label:
description: Label for the policy that appears when the GUI is in Section View
mode.
type: str
logtraffic:
choices:
- disable
- enable
- all
- utm
description: Enable or disable logging.
type: str
logtraffic-start:
choices:
- disable
- enable
description: Record logs when a session starts.
type: str
mms-profile:
description: Name of an existing MMS profile.
type: str
name:
description: Policy name.
type: str
nat:
choices:
- disable
- enable
description: Enable/disable source NAT.
type: str
natinbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
natoutbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
np-acceleration:
choices:
- disable
- enable
description: Enable/disable UTM Network Processor acceleration.
type: str
outbound:
choices:
- disable
- enable
description: Policy-based IPsec VPN
type: str
per-ip-shaper:
description: Per-IP traffic shaper.
type: str
policy-offload:
choices:
- disable
- enable
description: no description
type: str
policyid:
description: Policy ID
type: int
poolname:
description: description
type: str
profile-group:
description: Name of profile group.
type: str
profile-protocol-options:
description: Name of an existing Protocol options profile.
type: str
profile-type:
choices:
- single
- group
description: Determine whether the firewall policy allows security profile groups
or single profiles only.
type: str
replacemsg-override-group:
description: Override the default replacement message group for this policy.
type: str
rsso:
choices:
- disable
- enable
description: Enable/disable RADIUS single sign-on
type: str
schedule:
description: Schedule name.
type: str
send-deny-packet:
choices:
- disable
- enable
description: Enable/disable return of deny-packet.
type: str
service:
description: description
type: str
service-negate:
choices:
- disable
- enable
description: When enabled service specifies what the service must NOT be.
type: str
session-ttl:
description: Session TTL in seconds for sessions accepted by this policy.
type: str
spamfilter-profile:
description: Name of an existing Spam filter profile.
type: str
srcaddr:
description: description
type: str
srcaddr-negate:
choices:
- disable
- enable
description: When enabled srcaddr specifies what the source address must NOT be.
type: str
srcintf:
description: description
type: str
ssh-filter-profile:
description: Name of an existing SSH filter profile.
type: str
ssh-policy-redirect:
choices:
- disable
- enable
description: Redirect SSH traffic to matching transparent proxy policy.
type: str
ssl-mirror:
choices:
- disable
- enable
description: Enable to copy decrypted SSL traffic to a FortiGate interface
type: str
ssl-mirror-intf:
description: description
type: str
ssl-ssh-profile:
description: Name of an existing SSL SSH profile.
type: str
status:
choices:
- disable
- enable
description: Enable or disable this policy.
type: str
tcp-mss-receiver:
description: Receiver TCP maximum segment size
type: int
tcp-mss-sender:
description: Sender TCP maximum segment size
type: int
tcp-session-without-syn:
choices:
- all
- data-only
- disable
description: Enable/disable creation of TCP session without SYN flag.
type: str
timeout-send-rst:
choices:
- disable
- enable
description: Enable/disable sending RST packets when TCP sessions expire.
type: str
tos:
description: ToS
type: str
tos-mask:
description: Non-zero bit positions are used for comparison while zero bit positions
are ignored.
type: str
tos-negate:
choices:
- disable
- enable
description: Enable negated TOS match.
type: str
traffic-shaper:
description: Reverse traffic shaper.
type: str
traffic-shaper-reverse:
description: Reverse traffic shaper.
type: str
url-category:
description: description
type: str
users:
description: description
type: str
utm-status:
choices:
- disable
- enable
description: Enable AV/web/ips protection profile.
type: str
uuid:
description: Universally Unique Identifier
type: str
vlan-cos-fwd:
description: VLAN forward direction user priority
type: int
vlan-cos-rev:
description: VLAN reverse direction user priority
type: int
vlan-filter:
description: Set VLAN filters.
type: str
voip-profile:
description: Name of an existing VoIP profile.
type: str
vpntunnel:
description: Policy-based IPsec VPN
type: str
waf-profile:
description: Name of an existing Web application firewall profile.
type: str
webcache:
choices:
- disable
- enable
description: Enable/disable web cache.
type: str
webcache-https:
choices:
- disable
- enable
description: Enable/disable web cache for HTTPS.
type: str
webfilter-profile:
description: Name of an existing Web filter profile.
type: str
webproxy-forward-server:
description: Web proxy forward server name.
type: str
webproxy-profile:
description: Webproxy profile name.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list