fortinet.fortimanager.fmgr_pkg_firewall_policy (1.0.5) — module

Configure IPv4 policies.

Added in version 2.10 of fortinet.fortimanager

Authors: Frank Shen (@fshen01), Link Zheng (@zhengl)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortimanager:==1.0.5


Add to requirements.yml

  collections:
    - name: fortinet.fortimanager
      version: 1.0.5

Description

This module configures a FortiManager device by allowing the user to [ add, get, set, update ] the following API:

/pm/config/adom/{adom}/pkg/{pkg}/firewall/policy

The examples include all parameters; their values need to be adjusted to your data sources before use.

Usage examples

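 # Example play for fmgr_pkg_firewall_policy.
 # The first task writes a policy (method add/set/update), the second reads
 # policies back (method get). Every <value ...> token is a placeholder that
 # must be replaced with real data before the play is run.
 - hosts: fortimanager-inventory
   collections:
     - fortinet.fortimanager
   connection: httpapi
   vars:
     ansible_httpapi_use_ssl: true
     # Certificate validation is switched off so the example also works against
     # a FortiManager that still carries a self-signed certificate. Outside a
     # lab, set this to true and trust the FortiManager CA on the control node;
     # with false the httpapi session cannot tell which host it is talking to.
     ansible_httpapi_validate_certs: false
     ansible_httpapi_port: 443
   tasks:
     # Create or modify a policy in the given package.
     - name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
       fmgr_pkg_firewall_policy:
         # false keeps the module's parameter validation strict (see Inputs).
         loose_validation: false
         # Only needed when FortiManager runs in workspace mode; the lock is
         # waited for at most workspace_locking_timeout seconds.
         workspace_locking_adom: <value in [global, custom adom]>
         workspace_locking_timeout: 300
         method: <value in [add, set, update]>
         url_params:
           adom: <value in [none, global, custom dom]>
           pkg: <value of string>
         params:
           - data:
               # One mapping per policy object; keys follow the FortiManager
               # API attribute names verbatim.
               - action: <value in [deny, accept, ipsec, ...]>
                 app-category: <value of string>
                 application:
                   - <value of integer>
                 application-list: <value of string>
                 auth-cert: <value of string>
                 auth-path: <value in [disable, enable]>
                 auth-redirect-addr: <value of string>
                 auto-asic-offload: <value in [disable, enable]>
                 av-profile: <value of string>
                 block-notification: <value in [disable, enable]>
                 captive-portal-exempt: <value in [disable, enable]>
                 capture-packet: <value in [disable, enable]>
                 comments: <value of string>
                 custom-log-fields: <value of string>
                 delay-tcp-npu-session: <value in [disable, enable]>
                 devices: <value of string>
                 diffserv-forward: <value in [disable, enable]>
                 diffserv-reverse: <value in [disable, enable]>
                 diffservcode-forward: <value of string>
                 diffservcode-rev: <value of string>
                 disclaimer: <value in [disable, enable]>
                 dlp-sensor: <value of string>
                 dnsfilter-profile: <value of string>
                 dscp-match: <value in [disable, enable]>
                 dscp-negate: <value in [disable, enable]>
                 dscp-value: <value of string>
                 dsri: <value in [disable, enable]>
                 dstaddr: <value of string>
                 dstaddr-negate: <value in [disable, enable]>
                 dstintf: <value of string>
                 firewall-session-dirty: <value in [check-all, check-new]>
                 fixedport: <value in [disable, enable]>
                 fsso: <value in [disable, enable]>
                 fsso-agent-for-ntlm: <value of string>
                 global-label: <value of string>
                 groups: <value of string>
                 gtp-profile: <value of string>
                 icap-profile: <value of string>
                 identity-based-route: <value of string>
                 inbound: <value in [disable, enable]>
                 internet-service: <value in [disable, enable]>
                 internet-service-custom: <value of string>
                 internet-service-id: <value of string>
                 internet-service-negate: <value in [disable, enable]>
                 ippool: <value in [disable, enable]>
                 ips-sensor: <value of string>
                 label: <value of string>
                 learning-mode: <value in [disable, enable]>
                 logtraffic: <value in [disable, enable, all, ...]>
                 logtraffic-start: <value in [disable, enable]>
                 match-vip: <value in [disable, enable]>
                 mms-profile: <value of string>
                 name: <value of string>
                 nat: <value in [disable, enable]>
                 natinbound: <value in [disable, enable]>
                 natip: <value of string>
                 natoutbound: <value in [disable, enable]>
                 ntlm: <value in [disable, enable]>
                 ntlm-enabled-browsers:
                   - <value of string>
                 ntlm-guest: <value in [disable, enable]>
                 outbound: <value in [disable, enable]>
                 per-ip-shaper: <value of string>
                 permit-any-host: <value in [disable, enable]>
                 permit-stun-host: <value in [disable, enable]>
                 policyid: <value of integer>
                 poolname: <value of string>
                 profile-group: <value of string>
                 profile-protocol-options: <value of string>
                 profile-type: <value in [single, group]>
                 radius-mac-auth-bypass: <value in [disable, enable]>
                 redirect-url: <value of string>
                 replacemsg-override-group: <value of string>
                 rsso: <value in [disable, enable]>
                 rtp-addr: <value of string>
                 rtp-nat: <value in [disable, enable]>
                 scan-botnet-connections: <value in [disable, block, monitor]>
                 schedule: <value of string>
                 schedule-timeout: <value in [disable, enable]>
                 send-deny-packet: <value in [disable, enable]>
                 service: <value of string>
                 service-negate: <value in [disable, enable]>
                 session-ttl: <value of integer>
                 spamfilter-profile: <value of string>
                 srcaddr: <value of string>
                 srcaddr-negate: <value in [disable, enable]>
                 srcintf: <value of string>
                 ssl-mirror: <value in [disable, enable]>
                 ssl-mirror-intf: <value of string>
                 ssl-ssh-profile: <value of string>
                 status: <value in [disable, enable]>
                 tags: <value of string>
                 tcp-mss-receiver: <value of integer>
                 tcp-mss-sender: <value of integer>
                 tcp-session-without-syn: <value in [all, data-only, disable]>
                 timeout-send-rst: <value in [disable, enable]>
                 traffic-shaper: <value of string>
                 traffic-shaper-reverse: <value of string>
                 url-category: <value of string>
                 users: <value of string>
                 utm-status: <value in [disable, enable]>
                 uuid: <value of string>
                 vlan-cos-fwd: <value of integer>
                 vlan-cos-rev: <value of integer>
                 voip-profile: <value of string>
                 vpn_dst_node:
                   - host: <value of string>
                     seq: <value of integer>
                     subnet: <value of string>
                 vpn_src_node:
                   - host: <value of string>
                     seq: <value of integer>
                     subnet: <value of string>
                 vpntunnel: <value of string>
                 waf-profile: <value of string>
                 wanopt: <value in [disable, enable]>
                 wanopt-detection: <value in [active, passive, off]>
                 wanopt-passive-opt: <value in [default, transparent, non-transparent]>
                 wanopt-peer: <value of string>
                 wanopt-profile: <value of string>
                 wccp: <value in [disable, enable]>
                 webcache: <value in [disable, enable]>
                 webcache-https: <value in [disable, ssl-server, any, ...]>
                 webfilter-profile: <value of string>
                 wsso: <value in [disable, enable]>

     # Read policies back from the same package.
     - name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
       fmgr_pkg_firewall_policy:
         loose_validation: false
         workspace_locking_adom: <value in [global, custom adom]>
         workspace_locking_timeout: 300
         method: <value in [get]>
         url_params:
           adom: <value in [none, global, custom dom]>
           pkg: <value of string>
         params:
           - attr: <value of string>
             # fields is a list of lists: each inner list names the attributes
             # to return.
             fields:
               - - <value in [action, app-category, application, ...]>
             filter:
               - <value of string>
             # NOTE(review): key name with a space is reproduced from the module
             # docs as-is; confirm it matches the FortiManager API parameter.
             get used: <value of integer>
             loadsub: <value of integer>
             option: <value in [count, object member, datasrc, ...]>
             range:
               - <value of integer>
             sortings:
               - varidic.attr_name: <value in [1, -1]>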

Inputs

    
method:
    choices:
    - add
    - get
    - set
    - update
    description:
    - The method in request
    required: true
    type: str

params:
    description:
    - The parameters for each method
    - See full parameters list in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
    required: false
    type: list

url_params:
    description:
    - The parameters for each API request URL
    - Also see full URL parameters in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
    required: false
    type: dict

loose_validation:
    description:
    - Do parameter validation in a loose way
    required: false
    type: bool

workspace_locking_adom:
    description:
    - The ADOM name to lock when FortiManager is running in workspace mode
    - It can be global or any other custom ADOM name
    required: false
    type: str

workspace_locking_timeout:
    default: 300
    description:
    - The maximum time in seconds to wait for another user to release the workspace lock
    required: false
    type: int

Outputs

data:
  description: The payload returned for the request
  returned: always
  type: dict
status:
  description: The status of the API request
  returned: always
  type: dict
url:
  description: The full URL requested
  returned: always
  sample: /sys/login/user
  type: str