fortinet / fortinet.fortianalyzer / 1.4.0 / module / faz_cli_system_global Global range attributes. | "added in version" 1.0.0 of fortinet.fortianalyzer" Authors: Xinwei Du (@dux-fortinet), Link Zheng (@chillancezen), Jie Xue (@JieX19), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communityfortinet.fortianalyzer.faz_cli_system_global (1.4.0) — module
Install with ansible-galaxy collection install fortinet.fortianalyzer:==1.4.0
collections: - name: fortinet.fortianalyzer version: 1.4.0
This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook hosts: fortianalyzers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Alert console fortinet.fortianalyzer.faz_cli_system_global: enable_log: true cli_system_global: language: english
log_path: default: /tmp/fortianalyzer.ansible.log description: - The path to save log. Used if enable_log is true. - Please use absolute path instead of relative path. - If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.log required: false type: str rc_failed: description: the rc codes list with which the conditions to fail will be overriden elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: the rc codes list with which the conditions to succeed will be overriden elements: int required: false type: list proposed_method: choices: - set - update - add description: The overridden method for the underlying Json RPC request required: false type: str bypass_validation: default: false description: only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters required: false type: bool cli_system_global: description: The top level parameters set. required: false suboptions: admin-lockout-duration: description: Lockout duration(sec) for administration. type: int admin-lockout-method: choices: - ip - user description: - Lockout method for administration. - ip - Lockout by IP - user - Lockout by user type: str admin-lockout-threshold: description: Lockout threshold for administration. type: int adom-mode: choices: - normal - advanced description: - ADOM mode. - normal - Normal ADOM mode. - advanced - Advanced ADOM mode. type: str adom-select: choices: - disable - enable description: - Enable/disable select ADOM after login. - disable - Disable select ADOM after login. - enable - Enable select ADOM after login. type: str adom-status: choices: - disable - enable description: - ADOM status. - disable - Disable ADOM mode. - enable - Enable ADOM mode. type: str apache-mode: choices: - event - prefork description: - Set apache mode. - event - Apache event mode. - prefork - Apache prefork mode. type: str api-ip-binding: choices: - disable - enable description: - Enable/disable source IP check for JSON API request. - disable - Disable setting. - enable - Enable setting. type: str backup-compression: choices: - none - low - normal - high description: - Compression level. - none - No compression. - low - Low compression (fastest). - normal - Normal compression. - high - Best compression (slowest). type: str backup-to-subfolders: choices: - disable - enable description: - Enable/disable creation of subfolders on server for backup storage. - disable - Disable creation of subfolders on server for backup storage. - enable - Enable creation of subfolders on server for backup storage. type: str clone-name-option: choices: - default - keep description: - set the clone object names option. - default - Add a prefix of Clone of to the clone name. - keep - Keep the original name for user to edit. type: str clt-cert-req: choices: - disable - enable - optional description: - Require client certificate for GUI login. - disable - Disable setting. - enable - Require client certificate for GUI login. - optional - Optional client certificate for GUI login. type: str console-output: choices: - standard - more description: - Console output mode. - standard - Standard output. - more - More page output. type: str contentpack-fgt-install: choices: - disable - enable description: - Enable/disable outbreak alert auto install for FGT ADOMS . - disable - Disable the sql report auto outbreak auto install. - enable - Enable the sql report auto outbreak auto install. type: str country-flag: choices: - disable - enable description: - Country flag Status. - disable - Disable country flag icon beside ip address. - enable - Enable country flag icon beside ip address. type: str create-revision: choices: - disable - enable description: - Enable/disable create revision by default. - disable - Disable create revision by default. - enable - Enable create revision by default. type: str daylightsavetime: choices: - disable - enable description: - Enable/disable daylight saving time. - disable - Disable setting. - enable - Enable setting. type: str default-logview-auto-completion: choices: - disable - enable description: - Enable/disable log view filter auto-completion. - disable - Disable setting. - enable - Enable setting. type: str default-search-mode: choices: - filter-based - advanced description: - Set the default search mode of log view. - filter-based - Filter based search mode. - advanced - Advanced search mode. type: str detect-unregistered-log-device: choices: - disable - enable description: - Detect unregistered logging device from log message. - disable - Disable attribute function. - enable - Enable attribute function. type: str device-view-mode: choices: - regular - tree description: - Set devices/groups view mode. - regular - Regular view mode. - tree - Tree view mode. type: str dh-params: choices: - '1024' - '1536' - '2048' - '3072' - '4096' - '6144' - '8192' description: - Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). - 1024 - 1024 bits. - 1536 - 1536 bits. - 2048 - 2048 bits. - 3072 - 3072 bits. - 4096 - 4096 bits. - 6144 - 6144 bits. - 8192 - 8192 bits. type: str disable-module: choices: - fortiview-noc - siem - soar - none - soc - fortirecorder - ai - ot-view description: no description elements: str type: list enc-algorithm: choices: - low - medium - high - custom description: - SSL communication encryption algorithms. - low - SSL communication using all available encryption algorithms. - medium - SSL communication using high and medium encryption algorithms. - high - SSL communication using high encryption algorithms. type: str event-correlation-cache-size: description: Maimum event correlation cache size (GB) type: int fgfm-ca-cert: description: set the extra fgfm CA certificates. type: str fgfm-cert-exclusive: choices: - disable - enable description: - set if the local or CA certificates should be used exclusively. - disable - Used certificate best-effort. - enable - Used certificate exclusive. type: str fgfm-local-cert: description: set the fgfm local certificate. type: str fgfm-ssl-protocol: choices: - sslv3 - tlsv1.0 - tlsv1.1 - tlsv1.2 - tlsv1.3 description: - set the lowest SSL protocols for fgfmsd. - sslv3 - set SSLv3 as the lowest version. - tlsv1.0 - set TLSv1.0 as the lowest version. - tlsv1.1 - set TLSv1.1 as the lowest version. - tlsv1.2 - set TLSv1.2 as the lowest version (default). - tlsv1.3 - set TLSv1.3 as the lowest version. type: str fortiservice-port: description: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a d... type: int gui-curl-timeout: description: GUI curl timeout in seconds (5-300 default 30). type: int gui-polling-interval: description: GUI polling interval in seconds (1-288000 default 5). type: int ha-member-auto-grouping: choices: - disable - enable description: - Enable/disable automatically group HA members feature - disable - Disable automatically grouping HA members feature. - enable - Enable automatically grouping HA members only when group name is unique in your network. type: str hitcount_concurrent: description: The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: int hitcount_interval: description: The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 900). type: int hostname: description: System hostname. type: str language: choices: - english - simch - japanese - korean - spanish - trach description: - System global language. - english - English - simch - Simplified Chinese - japanese - Japanese - korean - Korean - spanish - Spanish - trach - Traditional Chinese type: str latitude: description: fmg location latitude type: str ldap-cache-timeout: description: LDAP browser cache timeout (seconds). type: int ldapconntimeout: description: LDAP connection timeout (msec). type: int lock-preempt: choices: - disable - enable description: - Enable/disable ADOM lock override. - disable - Disable lock preempt. - enable - Enable lock preempt. type: str log-checksum: choices: - none - md5 - md5-auth description: - Record log file hash value, timestamp, and authentication code at transmission or rolling. - none - No record log file checksum. - md5 - Record log files MD5 hash value only. - md5-auth - Record log files MD5 hash value and authentication code. type: str log-checksum-upload: choices: - disable - enable description: - Enable/disable upload log checksum with log files. - disable - Disable attribute function. - enable - Enable attribute function. type: str log-forward-cache-size: description: Log forwarding disk cache size (GB). type: int log-forward-plugin-workers: description: Maximum workers for running log forward output plugins, the valid range is 2 to 20 type: int log-mode: choices: - analyzer - collector description: - Log system operation mode. - analyzer - Operation mode is Analyzer - collector - Operation mode is Collector type: str longitude: description: fmg location longitude type: str management-ip: description: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str management-port: description: Overriding port for management connection (Overrides admin port). type: int max-aggregation-tasks: description: Maximum number of concurrent tasks of a log aggregation session. type: int max-log-forward: description: Maximum number of log-forward and aggregation settings. type: int max-running-reports: description: Maximum number of reports generating at one time. type: int multiple-steps-upgrade-in-autolink: choices: - disable - enable description: - Enable/disable multiple steps upgade in autolink process - disable - Disable setting. - enable - Enable setting. type: str no-copy-permission-check: choices: - disable - enable description: - Do not perform permission check to block object changes in different adom during copy and install. - disable - Disable setting. - enable - Enable setting. type: str no-vip-value-check: choices: - disable - enable description: - Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy - disable - Disable setting. - enable - Enable setting. type: str normalized-intf-zone-only: choices: - disable - enable description: - allow normalized interface to be zone only. - disable - Disable SSL low-grade encryption. - enable - Enable SSL low-grade encryption. type: str object-revision-db-max: description: Maximum revisions for a single database (10,000-1,000,000 default 100,000). type: int object-revision-mandatory-note: choices: - disable - enable description: - Enable/disable mandatory note when create revision. - disable - Disable object revision. - enable - Enable object revision. type: str object-revision-object-max: description: Maximum revisions for a single object (10-1000 default 100). type: int object-revision-status: choices: - disable - enable description: - Enable/disable create revision when modify objects. - disable - Disable object revision. - enable - Enable object revision. type: str oftp-ssl-protocol: choices: - sslv3 - tlsv1.0 - tlsv1.1 - tlsv1.2 - tlsv1.3 description: - set the lowest SSL protocols for oftpd. - sslv3 - set SSLv3 as the lowest version. - tlsv1.0 - set TLSv1.0 as the lowest version. - tlsv1.1 - set TLSv1.1 as the lowest version. - tlsv1.2 - set TLSv1.2 as the lowest version (default). - tlsv1.3 - set TLSv1.3 as the lowest version. type: str policy-hit-count: choices: - disable - enable description: - show policy hit count. - disable - Disable policy hit count. - enable - Enable policy hit count. type: str policy-object-icon: choices: - disable - enable description: - show icons of policy objects. - disable - Disable icon of policy objects. - enable - Enable icon of policy objects. type: str policy-object-in-dual-pane: choices: - disable - enable description: - show policies and objects in dual pane. - disable - Disable polices and objects in dual pane. - enable - Enable polices and objects in dual pane. type: str pre-login-banner: choices: - disable - enable description: - Enable/disable pre-login banner. - disable - Disable pre-login banner. - enable - Enable pre-login banner. type: str pre-login-banner-message: description: Pre-login banner message. type: str private-data-encryption: choices: - disable - enable description: - Enable/disable private data encryption using an AES 128-bit key. - disable - Disable private data encryption using an AES 128-bit key. - enable - Enable private data encryption using an AES 128-bit key. type: str remoteauthtimeout: description: Remote authentication (RADIUS/LDAP) timeout (sec). type: int search-all-adoms: choices: - disable - enable description: - Enable/Disable Search all ADOMs for where-used query. - disable - Disable search all ADOMs for where-used queries. - enable - Enable search all ADOMs for where-used queries. type: str ssh-enc-algo: choices: - chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com description: no description elements: str type: list ssh-hostkey-algo: choices: - ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 description: no description elements: str type: list ssh-kex-algo: choices: - diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 description: no description elements: str type: list ssh-mac-algo: choices: - hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com description: no description elements: str type: list ssh-strong-crypto: choices: - disable - enable description: - Only allow strong ciphers for SSH when enabled. - disable - Disable strong crypto for SSH. - enable - Enable strong crypto for SSH. type: str ssl-cipher-suites: description: no description elements: dict suboptions: cipher: description: Cipher name type: str priority: description: SSL/TLS cipher suites priority. type: int version: choices: - tls1.2-or-below - tls1.3 description: - SSL/TLS version the cipher suite can be used with. - tls1.2-or-below - TLS 1.2 or below. - tls1.3 - TLS 1.3 type: str type: list ssl-low-encryption: choices: - disable - enable description: - SSL low-grade encryption. - disable - Disable SSL low-grade encryption. - enable - Enable SSL low-grade encryption. type: str ssl-protocol: choices: - tlsv1.3 - tlsv1.2 - tlsv1.1 - tlsv1.0 - sslv3 description: no description elements: str type: list ssl-static-key-ciphers: choices: - disable - enable description: - Enable/disable SSL static key ciphers. - disable - Disable setting. - enable - Enable setting. type: str table-entry-blink: choices: - disable - enable description: - Enable/disable table entry blink in GUI - disable - Disable setting. - enable - Enable setting. type: str task-list-size: description: Maximum number of completed tasks to keep. type: int tftp: choices: - disable - enable description: - Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) - disable - Disable TFTP - enable - Enable TFTP type: str timezone: choices: - '00' - '01' - '02' - '03' - '04' - '05' - '06' - '07' - 08 - 09 - '10' - '11' - '12' - '13' - '14' - '15' - '16' - '17' - '18' - '19' - '20' - '21' - '22' - '23' - '24' - '25' - '26' - '27' - '28' - '29' - '30' - '31' - '32' - '33' - '34' - '35' - '36' - '37' - '38' - '39' - '40' - '41' - '42' - '43' - '44' - '45' - '46' - '47' - '48' - '49' - '50' - '51' - '52' - '53' - '54' - '55' - '56' - '57' - '58' - '59' - '60' - '61' - '62' - '63' - '64' - '65' - '66' - '67' - '68' - '69' - '70' - '71' - '72' - '73' - '74' - '75' - '76' - '77' - '78' - '79' - '80' - '81' - '82' - '83' - '84' - '85' - '86' - '87' - '88' - '89' - '90' - '91' description: - Time zone. - 00 - (GMT-12:00) Eniwetak, Kwajalein. - 01 - (GMT-11:00) Midway Island, Samoa. - 02 - (GMT-10:00) Hawaii. - 03 - (GMT-9:00) Alaska. - 04 - (GMT-8:00) Pacific Time (US & Canada). - 05 - (GMT-7:00) Arizona. - 06 - (GMT-7:00) Mountain Time (US & Canada). - 07 - (GMT-6:00) Central America. - 08 - (GMT-6:00) Central Time (US & Canada). - 09 - (GMT-6:00) Mexico City. - 10 - (GMT-6:00) Saskatchewan. - 11 - (GMT-5:00) Bogota, Lima, Quito. - 12 - (GMT-5:00) Eastern Time (US & Canada). - 13 - (GMT-5:00) Indiana (East). - 14 - (GMT-4:00) Atlantic Time (Canada). - 15 - (GMT-4:00) La Paz. - 16 - (GMT-4:00) Santiago. - 17 - (GMT-3:30) Newfoundland. - 18 - (GMT-3:00) Brasilia. - 19 - (GMT-3:00) Buenos Aires, Georgetown. - 20 - (GMT-3:00) Nuuk (Greenland). - 21 - (GMT-2:00) Mid-Atlantic (Deprecated). - 22 - (GMT-1:00) Azores. - 23 - (GMT-1:00) Cape Verde Is. - 24 - (GMT) Monrovia. - 25 - (GMT) London, Edinburgh. - 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. - 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. - 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. - 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. - 30 - (GMT+1:00) West Central Africa. - 31 - (GMT+2:00) Athens, Sofia, Vilnius. - 32 - (GMT+2:00) Bucharest. - 33 - (GMT+2:00) Cairo. - 34 - (GMT+2:00) Harare, Pretoria. - 35 - (GMT+2:00) Helsinki, Riga,Tallinn. - 36 - (GMT+2:00) Jerusalem. - 37 - (GMT+3:00) Baghdad. - 38 - (GMT+3:00) Kuwait, Riyadh. - 39 - (GMT+3:00) St.Petersburg, Volgograd. - 40 - (GMT+3:00) Nairobi. - 41 - (GMT+3:30) Tehran. - 42 - (GMT+4:00) Abu Dhabi, Muscat. - 43 - (GMT+4:00) Baku. - 44 - (GMT+4:30) Kabul. - 45 - (GMT+5:00) Ekaterinburg. - 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. - 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. - 48 - (GMT+5:45) Kathmandu. - 49 - (GMT+6:00) Almaty, Novosibirsk. - 50 - (GMT+6:00) Astana, Dhaka. - 51 - (GMT+5:30) Sri Jayawardenepura. - 52 - (GMT+6:30) Rangoon. - 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. - 54 - (GMT+7:00) Krasnoyarsk. - 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. - 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. - 57 - (GMT+8:00) Kuala Lumpur, Singapore. - 58 - (GMT+8:00) Perth. - 59 - (GMT+8:00) Taipei. - 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. - 61 - (GMT+9:00) Yakutsk. - 62 - (GMT+9:30) Adelaide. - 63 - (GMT+9:30) Darwin. - 64 - (GMT+10:00) Brisbane. - 65 - (GMT+10:00) Canberra, Melbourne, Sydney. - 66 - (GMT+10:00) Guam, Port Moresby. - 67 - (GMT+10:00) Hobart. - 68 - (GMT+10:00) Vladivostok. - 69 - (GMT+11:00) Magadan. - 70 - (GMT+11:00) Solomon Is., New Caledonia. - 71 - (GMT+12:00) Auckland, Wellington. - 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. - 73 - (GMT+13:00) Nukualofa. - 74 - (GMT-4:30) Caracas. - 75 - (GMT+1:00) Namibia. - 76 - (GMT-5:00) Brazil-Acre. - 77 - (GMT-4:00) Brazil-West. - 78 - (GMT-3:00) Brazil-East. - 79 - (GMT-2:00) Brazil-DeNoronha. - 80 - (GMT+14:00) Kiritimati. - 81 - (GMT-7:00) Baja California Sur, Chihuahua. - 82 - (GMT+12:45) Chatham Islands. - 83 - (GMT+3:00) Minsk. - 84 - (GMT+13:00) Samoa. - 85 - (GMT+3:00) Istanbul. - 86 - (GMT-4:00) Paraguay. - 87 - (GMT) Casablanca. - 88 - (GMT+3:00) Moscow. - 89 - (GMT) Greenwich Mean Time. - 90 - (GMT) Dublin. - 91 - (GMT) Lisbon. type: str tunnel-mtu: description: Maximum transportation unit(68 - 9000). type: int usg: choices: - disable - enable description: - Enable/disable Fortiguard server restriction. - disable - Contact any Fortiguard server - enable - Contact Fortiguard server in USA only type: str webservice-proto: choices: - tlsv1.3 - tlsv1.2 - tlsv1.1 - tlsv1.0 - sslv3 - sslv2 description: no description elements: str type: list workflow-max-sessions: description: Maximum number of workflow sessions per ADOM (minimum 100). type: int type: dict forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str
meta: contains: request_url: description: The full url requested returned: always sample: /sys/login/user type: str response_code: description: The status of api request returned: always sample: 0 type: int response_data: description: The api response returned: always type: list response_message: description: The descriptive message of the api response returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: complex type: list