dux_fortinet / dux_fortinet.fortianalyzer_dev / 1.4.0 / module / faz_cli_system_csf Add this device to a Security Fabric or set up a new Security Fabric on this device. | "added in version" 1.3.0 of dux_fortinet.fortianalyzer_dev" Authors: Xinwei Du (@dux-fortinet), Link Zheng (@chillancezen), Jie Xue (@JieX19), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydux_fortinet.fortianalyzer_dev.faz_cli_system_csf (1.4.0) — module
Install with ansible-galaxy collection install dux_fortinet.fortianalyzer_dev:==1.4.0
collections: - name: dux_fortinet.fortianalyzer_dev version: 1.4.0
This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook hosts: fortianalyzers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Add this device to a Security Fabric or set up a new Security Fabric on this device. fortinet.fortianalyzer.faz_cli_system_csf: # bypass_validation: false # rc_succeeded: [0, -2, -3, ...] # rc_failed: [-2, -3, ...] cli_system_csf: accept_auth_by_cert: <value in [disable, enable]> authorization_request_type: <value in [certificate, serial]> certificate: <value of string> configuration_sync: <value in [default, local]> downstream_access: <value in [disable, enable]> downstream_accprofile: <value of string> fabric_connector: - accprofile: <value of string> configuration_write_access: <value in [disable, enable]> serial: <value of string> fabric_object_unification: <value in [local, default]> fabric_workers: <value of integer> file_mgmt: <value in [disable, enable]> file_quota: <value of integer> file_quota_warning: <value of integer> fixed_key: <value of string> forticloud_account_enforcement: <value in [disable, enable]> group_name: <value of string> group_password: <value of string> log_unification: <value in [disable, enable]> saml_configuration_sync: <value in [local, default]> status: <value in [disable, enable]> trusted_list: - action: <value in [accept, deny]> authorization_type: <value in [serial, certificate]> certificate: <value of string> downstream_authorization: <value in [disable, enable]> ha_members: <value of string> index: <value of integer> name: <value of string> serial: <value of string> upstream: <value of string> upstream_port: <value of integer>
log_path: default: /tmp/fortianalyzer.ansible.log description: - The path to save log. Used if enable_log is true. - Please use absolute path instead of relative path. - If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.log required: false type: str rc_failed: description: the rc codes list with which the conditions to fail will be overriden elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: the rc codes list with which the conditions to succeed will be overriden elements: int required: false type: list cli_system_csf: description: The top level parameters set. required: false suboptions: accept-auth-by-cert: choices: - disable - enable description: - Accept connections with unknown certificates and ask admin for approval. - disable - Do not accept SSL connections with unknown certificates. - enable - Accept SSL connections without automatic certificate verification. type: str authorization-request-type: choices: - certificate - serial description: - Authorization request type. - certificate - Request verification by certificate. - serial - Request verification by serial number. type: str certificate: description: Certificate. type: str configuration-sync: choices: - default - local description: - Configuration sync mode. - default - Synchronize configuration for IPAM, FortiAnalyzer, FortiSandbox, and Central Management to root node. - local - Do not synchronize configuration with root node. type: str downstream-access: choices: - disable - enable description: - Enable/disable downstream device access to this devices configuration and data. - disable - Disable downstream device access to this devices configuration and data. - enable - Enable downstream device access to this devices configuration and data. type: str downstream-accprofile: description: Default access profile for requests from downstream devices. type: str fabric-connector: description: no description elements: dict suboptions: accprofile: description: Override access profile. type: str configuration-write-access: choices: - disable - enable description: - Enable/disable downstream device write access to configuration. - disable - Disable downstream device write access to configuration. - enable - Enable downstream device write access to configuration. type: str serial: description: Serial. type: str type: list fabric-object-unification: choices: - local - default description: - Fabric CMDB Object Unification. - local - Global CMDB objects will not be synchronized to and from this device. - default - Global CMDB objects will be synchronized in Security Fabric. type: str fabric-workers: description: Number of worker processes for Security Fabric daemon. type: int file-mgmt: choices: - disable - enable description: - Enable/disable Security Fabric daemon file management. - disable - Disable daemon file management. - enable - Enable daemon file management. type: str file-quota: description: Maximum amount of memory that can be used by the daemon files (in bytes). type: int file-quota-warning: description: Warn when the set percentage of quota has been used. type: int fixed-key: description: no description type: str forticloud-account-enforcement: choices: - disable - enable description: - Fabric FortiCloud account unification. - disable - Disable FortiCloud accound ID matching for Security Fabric. - enable - Enable FortiCloud account ID matching for Security Fabric. type: str group-name: description: Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. type: str group-password: description: no description type: str log-unification: choices: - disable - enable description: - Enable/disable broadcast of discovery messages for log unification. - disable - Disable broadcast of discovery messages for log unification. - enable - Enable broadcast of discovery messages for log unification. type: str saml-configuration-sync: choices: - local - default description: - SAML setting configuration synchronization. - local - Do not apply SAML configuration generated by root. - default - SAML setting for fabric members is created by fabric root. type: str status: choices: - disable - enable description: - Enable/disable Security Fabric. - disable - Disable Security Fabric. - enable - Enable Security Fabric. type: str trusted-list: description: no description elements: dict suboptions: action: choices: - accept - deny description: - Security fabric authorization action. - accept - Accept authorization request. - deny - Deny authorization request. type: str authorization-type: choices: - serial - certificate description: - Authorization type. - serial - Verify downstream by serial number. - certificate - Verify downstream by certificate. type: str certificate: description: Certificate. type: str downstream-authorization: choices: - disable - enable description: - Trust authorizations by this nodes administrator. - disable - Disable downstream authorization. - enable - Enable downstream authorization. type: str ha-members: description: HA members. type: str index: description: Index of the downstream in tree. type: int name: description: Name. type: str serial: description: Serial. type: str type: list upstream: description: IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric. type: str upstream-port: description: The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). type: int type: dict proposed_method: choices: - set - update - add description: The overridden method for the underlying Json RPC request required: false type: str bypass_validation: default: false description: only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters required: false type: bool forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str
meta: contains: request_url: description: The full url requested returned: always sample: /sys/login/user type: str response_code: description: The status of api request returned: always sample: 0 type: int response_data: description: The api response returned: always type: list response_message: description: The descriptive message of the api response returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: complex type: list