drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_widsprofile Configure wireless intrusion detection system | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_widsprofile (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure wireless intrusion detection system fmgr_widsprofile: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> state: <value in [present, absent]> widsprofile: ap-auto-suppress: <value in [disable, enable]> ap-bgscan-disable-day: - sunday - monday - tuesday - wednesday - thursday - friday - saturday ap-bgscan-disable-end: <value of string> ap-bgscan-disable-start: <value of string> ap-bgscan-duration: <value of integer> ap-bgscan-idle: <value of integer> ap-bgscan-intv: <value of integer> ap-bgscan-period: <value of integer> ap-bgscan-report-intv: <value of integer> ap-fgscan-report-intv: <value of integer> ap-scan: <value in [disable, enable]> ap-scan-passive: <value in [disable, enable]> asleap-attack: <value in [disable, enable]> assoc-flood-thresh: <value of integer> assoc-flood-time: <value of integer> assoc-frame-flood: <value in [disable, enable]> auth-flood-thresh: <value of integer> auth-flood-time: <value of integer> auth-frame-flood: <value in [disable, enable]> comment: <value of string> deauth-broadcast: <value in [disable, enable]> deauth-unknown-src-thresh: <value of integer> eapol-fail-flood: <value in [disable, enable]> eapol-fail-intv: <value of integer> eapol-fail-thresh: <value of integer> eapol-logoff-flood: <value in [disable, enable]> eapol-logoff-intv: <value of integer> eapol-logoff-thresh: <value of integer> eapol-pre-fail-flood: <value in [disable, enable]> eapol-pre-fail-intv: <value of integer> eapol-pre-fail-thresh: <value of integer> eapol-pre-succ-flood: <value in [disable, enable]> eapol-pre-succ-intv: <value of integer> eapol-pre-succ-thresh: <value of integer> eapol-start-flood: <value in [disable, enable]> eapol-start-intv: <value of integer> eapol-start-thresh: <value of integer> eapol-succ-flood: <value in [disable, enable]> eapol-succ-intv: <value of integer> eapol-succ-thresh: <value of integer> invalid-mac-oui: <value in [disable, enable]> long-duration-attack: <value in [disable, enable]> long-duration-thresh: <value of integer> name: <value of string> null-ssid-probe-resp: <value in [disable, enable]> sensor-mode: <value in [disable, foreign, both]> spoofed-deauth: <value in [disable, enable]> weak-wep-iv: <value in [disable, enable]> wireless-bridge: <value in [disable, enable]> ap-bgscan-disable-schedules: <value of string> rogue-scan: <value in [disable, enable]> ap-scan-threshold: <value of string>
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool widsprofile: description: the top level parameters set required: false suboptions: ap-auto-suppress: choices: - disable - enable description: Enable/disable on-wire rogue AP auto-suppression type: str ap-bgscan-disable-day: choices: - sunday - monday - tuesday - wednesday - thursday - friday - saturday description: Ap-Bgscan-Disable-Day. elements: str type: list ap-bgscan-disable-end: description: End time, using a 24-hour clock in the format of hh type: str ap-bgscan-disable-schedules: description: Firewall schedules for turning off FortiAP radio background scan. type: str ap-bgscan-disable-start: description: Start time, using a 24-hour clock in the format of hh type: str ap-bgscan-duration: description: Listening time on a scanning channel type: int ap-bgscan-idle: description: Waiting time for channel inactivity before scanning this channel type: int ap-bgscan-intv: description: Period of time between scanning two channels type: int ap-bgscan-period: description: Period of time between background scans type: int ap-bgscan-report-intv: description: Period of time between background scan reports type: int ap-fgscan-report-intv: description: Period of time between foreground scan reports type: int ap-scan: choices: - disable - enable description: Enable/disable rogue AP detection. type: str ap-scan-passive: choices: - disable - enable description: Enable/disable passive scanning. type: str ap-scan-threshold: description: Minimum signal level/threshold in dBm required for the AP to report detected rogue AP type: str asleap-attack: choices: - disable - enable description: Enable/disable asleap attack detection type: str assoc-flood-thresh: description: The threshold value for association frame flooding. type: int assoc-flood-time: description: Number of seconds after which a station is considered not connected. type: int assoc-frame-flood: choices: - disable - enable description: Enable/disable association frame flooding detection type: str auth-flood-thresh: description: The threshold value for authentication frame flooding. type: int auth-flood-time: description: Number of seconds after which a station is considered not connected. type: int auth-frame-flood: choices: - disable - enable description: Enable/disable authentication frame flooding detection type: str comment: description: Comment. type: str deauth-broadcast: choices: - disable - enable description: Enable/disable broadcasting de-authentication detection type: str deauth-unknown-src-thresh: description: Threshold value per second to deauth unknown src for DoS attack type: int eapol-fail-flood: choices: - disable - enable description: Enable/disable EAPOL-Failure flooding type: str eapol-fail-intv: description: The detection interval for EAPOL-Failure flooding type: int eapol-fail-thresh: description: The threshold value for EAPOL-Failure flooding in specified interval. type: int eapol-logoff-flood: choices: - disable - enable description: Enable/disable EAPOL-Logoff flooding type: str eapol-logoff-intv: description: The detection interval for EAPOL-Logoff flooding type: int eapol-logoff-thresh: description: The threshold value for EAPOL-Logoff flooding in specified interval. type: int eapol-pre-fail-flood: choices: - disable - enable description: Enable/disable premature EAPOL-Failure flooding type: str eapol-pre-fail-intv: description: The detection interval for premature EAPOL-Failure flooding type: int eapol-pre-fail-thresh: description: The threshold value for premature EAPOL-Failure flooding in specified interval. type: int eapol-pre-succ-flood: choices: - disable - enable description: Enable/disable premature EAPOL-Success flooding type: str eapol-pre-succ-intv: description: The detection interval for premature EAPOL-Success flooding type: int eapol-pre-succ-thresh: description: The threshold value for premature EAPOL-Success flooding in specified interval. type: int eapol-start-flood: choices: - disable - enable description: Enable/disable EAPOL-Start flooding type: str eapol-start-intv: description: The detection interval for EAPOL-Start flooding type: int eapol-start-thresh: description: The threshold value for EAPOL-Start flooding in specified interval. type: int eapol-succ-flood: choices: - disable - enable description: Enable/disable EAPOL-Success flooding type: str eapol-succ-intv: description: The detection interval for EAPOL-Success flooding type: int eapol-succ-thresh: description: The threshold value for EAPOL-Success flooding in specified interval. type: int invalid-mac-oui: choices: - disable - enable description: Enable/disable invalid MAC OUI detection. type: str long-duration-attack: choices: - disable - enable description: Enable/disable long duration attack detection based on user configured threshold type: str long-duration-thresh: description: Threshold value for long duration attack detection type: int name: description: WIDS profile name. type: str null-ssid-probe-resp: choices: - disable - enable description: Enable/disable null SSID probe response detection type: str rogue-scan: choices: - disable - enable description: Enable/disable rogue AP on-wire scan. type: str sensor-mode: choices: - disable - foreign - both description: Scan WiFi nearby stations type: str spoofed-deauth: choices: - disable - enable description: Enable/disable spoofed de-authentication attack detection type: str weak-wep-iv: choices: - disable - enable description: Enable/disable weak WEP IV type: str wireless-bridge: choices: - disable - enable description: Enable/disable wireless bridge detection type: str type: dict access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list