Try SpotterGlobal range attributes.
| "added in version" 1.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: enable workspace mode
fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: normal
- name: Script table.
fmgr_dvmdb_script:
bypass_validation: False
adom: root
state: present
workspace_locking_adom: 'root'
dvmdb_script:
content: 'ansiblt-test'
name: 'fooscript000'
target: device_database
type: cli
- name: verify script table
fmgr_fact:
facts:
selector: 'dvmdb_script'
params:
adom: 'root'
script: 'fooscript000'
register: info
failed_when: info.meta.response_code != 0
- name: restore workspace mode
fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: disabled
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
system_global:
description: the top level parameters set
required: false
suboptions:
admin-lockout-duration:
description: Lockout duration
type: int
admin-lockout-method:
choices:
- ip
- user
description:
- Lockout method for administration.
- ip - Lockout by IP
- user - Lockout by user
type: str
admin-lockout-threshold:
description: Lockout threshold for administration.
type: int
adom-mode:
choices:
- normal
- advanced
description:
- ADOM mode.
- normal - Normal ADOM mode.
- advanced - Advanced ADOM mode.
type: str
adom-rev-auto-delete:
choices:
- disable
- by-revisions
- by-days
description:
- Auto delete features for old ADOM revisions.
- disable - Disable auto delete function for ADOM revision.
- by-revisions - Auto delete ADOM revisions by maximum number of revisions.
- by-days - Auto delete ADOM revisions by maximum days.
type: str
adom-rev-max-backup-revisions:
description: Maximum number of ADOM revisions to backup.
type: int
adom-rev-max-days:
description: Number of days to keep old ADOM revisions.
type: int
adom-rev-max-revisions:
description: Maximum number of ADOM revisions to keep.
type: int
adom-select:
choices:
- disable
- enable
description:
- Enable/disable select ADOM after login.
- disable - Disable select ADOM after login.
- enable - Enable select ADOM after login.
type: str
adom-status:
choices:
- disable
- enable
description:
- ADOM status.
- disable - Disable ADOM mode.
- enable - Enable ADOM mode.
type: str
clone-name-option:
choices:
- default
- keep
description:
- set the clone object names option.
- default - Add a prefix of Clone of to the clone name.
- keep - Keep the original name for user to edit.
type: str
clt-cert-req:
choices:
- disable
- enable
- optional
description:
- Require client certificate for GUI login.
- disable - Disable setting.
- enable - Require client certificate for GUI login.
- optional - Optional client certificate for GUI login.
type: str
console-output:
choices:
- standard
- more
description:
- Console output mode.
- standard - Standard output.
- more - More page output.
type: str
contentpack-fgt-install:
choices:
- disable
- enable
description:
- Enable/disable outbreak alert auto install for FGT ADOMS .
- disable - Disable the sql report auto outbreak auto install.
- enable - Enable the sql report auto outbreak auto install.
type: str
country-flag:
choices:
- disable
- enable
description:
- Country flag Status.
- disable - Disable country flag icon beside ip address.
- enable - Enable country flag icon beside ip address.
type: str
create-revision:
choices:
- disable
- enable
description:
- Enable/disable create revision by default.
- disable - Disable create revision by default.
- enable - Enable create revision by default.
type: str
daylightsavetime:
choices:
- disable
- enable
description:
- Enable/disable daylight saving time.
- disable - Disable setting.
- enable - Enable setting.
type: str
default-disk-quota:
description: Default disk quota for registered device
type: int
detect-unregistered-log-device:
choices:
- disable
- enable
description:
- Detect unregistered logging device from log message.
- disable - Disable attribute function.
- enable - Enable attribute function.
type: str
device-view-mode:
choices:
- regular
- tree
description:
- Set devices/groups view mode.
- regular - Regular view mode.
- tree - Tree view mode.
type: str
dh-params:
choices:
- '1024'
- '1536'
- '2048'
- '3072'
- '4096'
- '6144'
- '8192'
description:
- Minimum size of Diffie-Hellman prime for SSH/HTTPS
- 1024 - 1024 bits.
- 1536 - 1536 bits.
- 2048 - 2048 bits.
- 3072 - 3072 bits.
- 4096 - 4096 bits.
- 6144 - 6144 bits.
- 8192 - 8192 bits.
type: str
disable-module:
choices:
- fortiview-noc
- none
- fortirecorder
- siem
- soc
- ai
description: Disable module list.
elements: str
type: list
enc-algorithm:
choices:
- low
- medium
- high
- custom
description:
- SSL communication encryption algorithms.
- low - SSL communication using all available encryption algorithms.
- medium - SSL communication using high and medium encryption algorithms.
- high - SSL communication using high encryption algorithms.
type: str
faz-status:
choices:
- disable
- enable
description:
- FAZ status.
- disable - Disable FAZ feature.
- enable - Enable FAZ feature.
type: str
fgfm-ca-cert:
description: set the extra fgfm CA certificates.
type: str
fgfm-cert-exclusive:
choices:
- disable
- enable
description:
- set if the local or CA certificates should be used exclusively.
- disable - Used certificate best-effort.
- enable - Used certificate exclusive.
type: str
fgfm-local-cert:
description: set the fgfm local certificate.
type: str
fgfm-ssl-protocol:
choices:
- sslv3
- tlsv1.0
- tlsv1.1
- tlsv1.2
- tlsv1.3
description:
- set the lowest SSL protocols for fgfmsd.
- sslv3 - set SSLv3 as the lowest version.
- tlsv1.
- tlsv1.
- tlsv1.
type: str
gui-curl-timeout:
description: GUI curl timeout in seconds
type: int
gui-polling-interval:
description: GUI polling interval in seconds
type: int
ha-member-auto-grouping:
choices:
- disable
- enable
description:
- Enable/disable automatically group HA members feature
- disable - Disable automatically grouping HA members feature.
- enable - Enable automatically grouping HA members only when group name is unique
in your network.
type: str
hitcount_concurrent:
description: The number of FortiGates that FortiManager polls at one time
type: int
hitcount_interval:
description: The interval for getting hit count from managed FortiGate devices,
in seconds
type: int
hostname:
description: System hostname.
type: str
import-ignore-addr-cmt:
choices:
- disable
- enable
description:
- Enable/Disable import ignore of address comments.
- disable - Disable import ignore of address comments.
- enable - Enable import ignore of address comments.
type: str
language:
choices:
- english
- simch
- japanese
- korean
- spanish
- trach
description:
- System global language.
- english - English
- simch - Simplified Chinese
- japanese - Japanese
- korean - Korean
- spanish - Spanish
- trach - Traditional Chinese
type: str
latitude:
description: fmg location latitude
type: str
ldap-cache-timeout:
description: LDAP browser cache timeout
type: int
ldapconntimeout:
description: LDAP connection timeout
type: int
lock-preempt:
choices:
- disable
- enable
description:
- Enable/disable ADOM lock override.
- disable - Disable lock preempt.
- enable - Enable lock preempt.
type: str
log-checksum:
choices:
- none
- md5
- md5-auth
description:
- Record log file hash value, timestamp, and authentication code at transmission
or rolling.
- none - No record log file checksum.
- md5 - Record log files MD5 hash value only.
- md5-auth - Record log files MD5 hash value and authentication code.
type: str
log-checksum-upload:
choices:
- disable
- enable
description:
- Enable/disable upload log checksum with log files.
- disable - Disable attribute function.
- enable - Enable attribute function.
type: str
log-forward-cache-size:
description: Log forwarding disk cache size
type: int
longitude:
description: fmg location longitude
type: str
max-log-forward:
description: Maximum number of log-forward and aggregation settings.
type: int
max-running-reports:
description: Maximum number of reports generating at one time.
type: int
mc-policy-disabled-adoms:
description: Mc-Policy-Disabled-Adoms.
elements: dict
suboptions:
adom-name:
description: Adom names.
type: str
type: list
multiple-steps-upgrade-in-autolink:
choices:
- disable
- enable
description:
- Enable/disable multiple steps upgade in autolink process
- disable - Disable setting.
- enable - Enable setting.
type: str
no-copy-permission-check:
choices:
- disable
- enable
description:
- Do not perform permission check to block object changes in different adom during
copy and install.
- disable - Disable setting.
- enable - Enable setting.
type: str
normalized-intf-zone-only:
choices:
- disable
- enable
description:
- allow normalized interface to be zone only.
- disable - Disable SSL low-grade encryption.
- enable - Enable SSL low-grade encryption.
type: str
object-revision-db-max:
description: Maximum revisions for a single database
type: int
object-revision-mandatory-note:
choices:
- disable
- enable
description:
- Enable/disable mandatory note when create revision.
- disable - Disable object revision.
- enable - Enable object revision.
type: str
object-revision-object-max:
description: Maximum revisions for a single object
type: int
object-revision-status:
choices:
- disable
- enable
description:
- Enable/disable create revision when modify objects.
- disable - Disable object revision.
- enable - Enable object revision.
type: str
oftp-ssl-protocol:
choices:
- sslv3
- tlsv1.0
- tlsv1.1
- tlsv1.2
- tlsv1.3
description:
- set the lowest SSL protocols for oftpd.
- sslv3 - set SSLv3 as the lowest version.
- tlsv1.
- tlsv1.
- tlsv1.
type: str
partial-install:
choices:
- disable
- enable
description:
- Enable/Disable partial install
- disable - Disable partial install function.
- enable - Enable partial install function.
type: str
partial-install-force:
choices:
- disable
- enable
description:
- Enable/Disable partial install when devdb is modified.
- disable - Disable partial install when devdb is modified.
- enable - Enable partial install when devdb is modified.
type: str
partial-install-rev:
choices:
- disable
- enable
description:
- Enable/Disable auto creating adom revision for partial install.
- disable - Disable partial install revision.
- enable - Enable partial install revision.
type: str
per-policy-lock:
choices:
- disable
- enable
description:
- Enable/Disable per policy lock.
- disable - Disable per policy lock.
- enable - Enable per policy lock.
type: str
perform-improve-by-ha:
choices:
- disable
- enable
description:
- Enable/Disable performance improvement by distributing tasks to HA slaves.
- disable - Disable performance improvement by HA.
- enable - Enable performance improvement by HA.
type: str
policy-hit-count:
choices:
- disable
- enable
description:
- show policy hit count.
- disable - Disable policy hit count.
- enable - Enable policy hit count.
type: str
policy-object-icon:
choices:
- disable
- enable
description:
- show icons of policy objects.
- disable - Disable icon of policy objects.
- enable - Enable icon of policy objects.
type: str
policy-object-in-dual-pane:
choices:
- disable
- enable
description:
- show policies and objects in dual pane.
- disable - Disable polices and objects in dual pane.
- enable - Enable polices and objects in dual pane.
type: str
pre-login-banner:
choices:
- disable
- enable
description:
- Enable/disable pre-login banner.
- disable - Disable pre-login banner.
- enable - Enable pre-login banner.
type: str
pre-login-banner-message:
description: Pre-login banner message.
type: str
private-data-encryption:
choices:
- disable
- enable
description:
- Enable/disable private data encryption using an AES 128-bit key.
- disable - Disable private data encryption using an AES 128-bit key.
- enable - Enable private data encryption using an AES 128-bit key.
type: str
remoteauthtimeout:
description: Remote authentication
type: int
search-all-adoms:
choices:
- disable
- enable
description:
- Enable/Disable Search all ADOMs for where-used query.
- disable - Disable search all ADOMs for where-used queries.
- enable - Enable search all ADOMs for where-used queries.
type: str
ssl-cipher-suites:
description: description
elements: dict
suboptions:
cipher:
description: Cipher name
type: str
priority:
description: SSL/TLS cipher suites priority.
type: int
version:
choices:
- tls1.2-or-below
- tls1.3
description:
- SSL/TLS version the cipher suite can be used with.
- tls1.
- tls1.
type: str
type: list
ssl-low-encryption:
choices:
- disable
- enable
description:
- SSL low-grade encryption.
- disable - Disable SSL low-grade encryption.
- enable - Enable SSL low-grade encryption.
type: str
ssl-protocol:
choices:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
- tlsv1.3
description: SSL protocols.
elements: str
type: list
ssl-static-key-ciphers:
choices:
- disable
- enable
description:
- Enable/disable SSL static key ciphers.
- disable - Disable setting.
- enable - Enable setting.
type: str
table-entry-blink:
choices:
- disable
- enable
description:
- Enable/disable table entry blink in GUI
- disable - Disable setting.
- enable - Enable setting.
type: str
task-list-size:
description: Maximum number of completed tasks to keep.
type: int
tftp:
choices:
- disable
- enable
description:
- Enable/disable TFTP in `exec restore image` command
- disable - Disable TFTP
- enable - Enable TFTP
type: str
timezone:
choices:
- '00'
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- 08
- 09
- '10'
- '11'
- '12'
- '13'
- '14'
- '15'
- '16'
- '17'
- '18'
- '19'
- '20'
- '21'
- '22'
- '23'
- '24'
- '25'
- '26'
- '27'
- '28'
- '29'
- '30'
- '31'
- '32'
- '33'
- '34'
- '35'
- '36'
- '37'
- '38'
- '39'
- '40'
- '41'
- '42'
- '43'
- '44'
- '45'
- '46'
- '47'
- '48'
- '49'
- '50'
- '51'
- '52'
- '53'
- '54'
- '55'
- '56'
- '57'
- '58'
- '59'
- '60'
- '61'
- '62'
- '63'
- '64'
- '65'
- '66'
- '67'
- '68'
- '69'
- '70'
- '71'
- '72'
- '73'
- '74'
- '75'
- '76'
- '77'
- '78'
- '79'
- '80'
- '81'
- '82'
- '83'
- '84'
- '85'
- '86'
- '87'
- '88'
- '89'
- '90'
- '91'
description:
- Time zone.
- 00 -
- 01 -
- 02 -
- 03 -
- 04 -
- 05 -
- 06 -
- 07 -
- 08 -
- 09 -
- 10 -
- 11 -
- 12 -
- 13 -
- 14 -
- 15 -
- 16 -
- 17 -
- 18 -
- 19 -
- 20 -
- 21 -
- 22 -
- 23 -
- 24 -
- 25 -
- 26 -
- 27 -
- 28 -
- 29 -
- 30 -
- 31 -
- 32 -
- 33 -
- 34 -
- 35 -
- 36 -
- 37 -
- 38 -
- 39 -
- 40 -
- 41 -
- 42 -
- 43 -
- 44 -
- 45 -
- 46 -
- 47 -
- 48 -
- 49 -
- 50 -
- 51 -
- 52 -
- 53 -
- 54 -
- 55 -
- 56 -
- 57 -
- 58 -
- 59 -
- 60 -
- 61 -
- 62 -
- 63 -
- 64 -
- 65 -
- 66 -
- 67 -
- 68 -
- 69 -
- 70 -
- 71 -
- 72 -
- 73 -
- 74 -
- 75 -
- 76 -
- 77 -
- 78 -
- 79 -
- 80 -
- 81 -
- 82 -
- 83 -
- 84 -
- 85 -
- 86 -
- 87 -
- 88 -
- 89 -
type: str
tunnel-mtu:
description: Maximum transportation unit
type: int
usg:
choices:
- disable
- enable
description:
- Enable/disable Fortiguard server restriction.
- disable - Contact any Fortiguard server
- enable - Contact Fortiguard server in USA only
type: str
vdom-mirror:
choices:
- disable
- enable
description:
- VDOM mirror.
- disable - Disable VDOM mirror function.
- enable - Enable VDOM mirror function.
type: str
webservice-proto:
choices:
- tlsv1.2
- tlsv1.1
- tlsv1.0
- sslv3
- sslv2
- tlsv1.3
description: Web Service connection support SSL protocols.
elements: str
type: list
workflow-max-sessions:
description: Maximum number of workflow sessions per ADOM
type: int
workspace-mode:
choices:
- disabled
- normal
- workflow
- per-adom
description:
- Set workspace mode
- disabled - Workspace disabled.
- normal - Workspace lock mode.
- workflow - Workspace workflow mode.
type: str
workspace-unlock-after-install:
choices:
- disable
- enable
description:
- Enable/disable ADOM auto-unlock after device installation.
- disable - Disable automatically unlock adom after device installation.
- enable - Enable automatically unlock adom after device installation.
type: str
type: dict
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list