fortinet / fortinet.fortimanager / 2.4.0 / module / fmgr_firewall_profileprotocoloptions Configure protocol options. | "added in version" 2.0.0 of fortinet.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communityfortinet.fortimanager.fmgr_firewall_profileprotocoloptions (2.4.0) — module
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections: - name: fortinet.fortimanager version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook hosts: fortimanagers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Configure protocol options. fortinet.fortimanager.fmgr_firewall_profileprotocoloptions: bypass_validation: false adom: ansible state: present firewall_profileprotocoloptions: comment: "ansible-comment" name: "ansible-test"
- name: Gathering fortimanager facts hosts: fortimanagers gather_facts: false connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Retrieve all the profile protocol options fortinet.fortimanager.fmgr_fact: facts: selector: "firewall_profileprotocoloptions" params: adom: "ansible" profile-protocol-options: "your_value"
adom: description: The parameter (adom) in requested url. required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int type: list enable_log: default: false description: Enable/Disable logging for task. type: bool access_token: description: The token to access FortiManager without using username and password. type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. type: int firewall_profileprotocoloptions: description: The top level parameters set. required: false suboptions: cifs: description: No description. suboptions: domain-controller: description: Deprecated, please rename it to domain_controller. Domain for which to decrypt CIFS traffic. type: str file-filter: description: Deprecated, please rename it to file_filter. suboptions: entries: description: Entries. elements: dict suboptions: action: choices: - log - block description: Action taken for matched file. type: str comment: description: Comment. type: str direction: choices: - any - incoming - outgoing description: Match files transmitted in the sessions originating or reply direction. type: str file-type: description: (list) Deprecated, please rename it to file_type. Select file type. type: raw filter: description: Add a file filter. type: str protocol: choices: - cifs description: Protocols to apply with. elements: str type: list type: list log: choices: - disable - enable description: Enable/disable file filter logging. type: str status: choices: - disable - enable description: Enable/disable file filter. type: str type: dict options: choices: - oversize description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str server-credential-type: choices: - none - credential-replication - credential-keytab description: Deprecated, please rename it to server_credential_type. CIFS server credential type. type: str server-keytab: description: Deprecated, please rename it to server_keytab. Server-Keytab. elements: dict suboptions: keytab: description: Base64 encoded keytab file containing credential of the server. type: str password: description: (list) Password for keytab. type: raw principal: description: Service principal. type: str type: list status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str tcp-window-maximum: description: Deprecated, please rename it to tcp_window_maximum. Maximum dynamic TCP window size type: int tcp-window-minimum: description: Deprecated, please rename it to tcp_window_minimum. Minimum dynamic TCP window size type: int tcp-window-size: description: Deprecated, please rename it to tcp_window_size. Set TCP static window size type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Deprecated, please rename it to tcp_window_type. Specify type of TCP window to use for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict comment: description: Optional comments. type: str dns: description: No description. suboptions: ports: description: (list) Ports to scan for content type: raw status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str type: dict feature-set: choices: - proxy - flow description: Deprecated, please rename it to feature_set. Flow/proxy feature set. type: str ftp: description: No description. suboptions: comfort-amount: description: Deprecated, please rename it to comfort_amount. Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Deprecated, please rename it to comfort_interval. Period of time between start, or last transmission, and the next... type: int explicit-ftp-tls: choices: - disable - enable description: Deprecated, please rename it to explicit_ftp_tls. Enable/disable FTP redirection for explicit FTPS. type: str inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - clientcomfort - no-content-summary - oversize - splice - bypass-rest-command - bypass-mode-command description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str stream-based-uncompressed-limit: description: Deprecated, please rename it to stream_based_uncompressed_limit. Maximum stream-based uncompressed data size that ... type: int tcp-window-maximum: description: Deprecated, please rename it to tcp_window_maximum. Maximum dynamic TCP window size. type: int tcp-window-minimum: description: Deprecated, please rename it to tcp_window_minimum. Minimum dynamic TCP window size. type: int tcp-window-size: description: Deprecated, please rename it to tcp_window_size. Set TCP static window size. type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Deprecated, please rename it to tcp_window_type. TCP window type to use for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict http: description: No description. suboptions: address-ip-rating: choices: - disable - enable description: Deprecated, please rename it to address_ip_rating. Enable/disable IP based URL rating. type: str block-page-status-code: description: Deprecated, please rename it to block_page_status_code. Code number returned for blocked HTTP pages type: int comfort-amount: description: Deprecated, please rename it to comfort_amount. Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Deprecated, please rename it to comfort_interval. Period of time between start, or last transmission, and the next... type: int fortinet-bar: choices: - disable - enable description: Deprecated, please rename it to fortinet_bar. Enable/disable Fortinet bar on HTML content. type: str fortinet-bar-port: description: Deprecated, please rename it to fortinet_bar_port. Port for use by Fortinet Bar type: int h2c: choices: - disable - enable description: Enable/disable h2c HTTP connection upgrade. type: str http-policy: choices: - disable - enable description: Deprecated, please rename it to http_policy. Enable/disable HTTP policy check. type: str inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - chunkedbypass - clientcomfort - no-content-summary - servercomfort description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw post-lang: choices: - jisx0201 - jisx0208 - jisx0212 - gb2312 - ksc5601-ex - euc-jp - sjis - iso2022-jp - iso2022-jp-1 - iso2022-jp-2 - euc-cn - ces-gbk - hz - ces-big5 - euc-kr - iso2022-jp-3 - iso8859-1 - tis620 - cp874 - cp1252 - cp1251 description: Deprecated, please rename it to post_lang. ID codes for character sets to be used to convert to UTF-8 for banned w... elements: str type: list proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str range-block: choices: - disable - enable description: Deprecated, please rename it to range_block. Enable/disable blocking of partial downloads. type: str retry-count: description: Deprecated, please rename it to retry_count. Number of attempts to retry HTTP connection type: int scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str stream-based-uncompressed-limit: description: Deprecated, please rename it to stream_based_uncompressed_limit. Maximum stream-based uncompressed data size that ... type: int streaming-content-bypass: choices: - disable - enable description: Deprecated, please rename it to streaming_content_bypass. Enable/disable bypassing of streaming content from buffe... type: str strip-x-forwarded-for: choices: - disable - enable description: Deprecated, please rename it to strip_x_forwarded_for. Enable/disable stripping of HTTP X-Forwarded-For header. type: str switching-protocols: choices: - bypass - block description: Deprecated, please rename it to switching_protocols. Bypass from scanning, or block a connection that attempts to ... type: str tcp-window-maximum: description: Deprecated, please rename it to tcp_window_maximum. Maximum dynamic TCP window size type: int tcp-window-minimum: description: Deprecated, please rename it to tcp_window_minimum. Minimum dynamic TCP window size type: int tcp-window-size: description: Deprecated, please rename it to tcp_window_size. Set TCP static window size type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Deprecated, please rename it to tcp_window_type. Specify type of TCP window to use for this protocol. type: str tunnel-non-http: choices: - disable - enable description: Deprecated, please rename it to tunnel_non_http. Configure how to process non-HTTP traffic when a profile configur... type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int unknown-content-encoding: choices: - block - inspect - bypass description: Deprecated, please rename it to unknown_content_encoding. Configure the action the FortiGate unit will take on unk... type: str unknown-http-version: choices: - best-effort - reject - tunnel description: Deprecated, please rename it to unknown_http_version. How to handle HTTP sessions that do not comply with HTTP 0. type: str verify-dns-for-policy-matching: choices: - disable - enable description: Deprecated, please rename it to verify_dns_for_policy_matching. Enable/disable verification of DNS for policy matc... type: str type: dict imap: description: No description. suboptions: inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict mail-signature: description: Deprecated, please rename it to mail_signature. suboptions: signature: description: Email signature to be added to outgoing email type: str status: choices: - disable - enable description: Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str type: dict mapi: description: No description. suboptions: options: choices: - fragmail - oversize - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict name: description: Name. required: true type: str nntp: description: No description. suboptions: inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - no-content-summary - splice description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict oversize-log: choices: - disable - enable description: Deprecated, please rename it to oversize_log. Enable/disable logging for antivirus oversize file blocking. type: str pop3: description: No description. suboptions: inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict replacemsg-group: description: Deprecated, please rename it to replacemsg_group. Name of the replacement message group to be used type: str rpc-over-http: choices: - disable - enable description: Deprecated, please rename it to rpc_over_http. Enable/disable inspection of RPC over HTTP. type: str smtp: description: No description. suboptions: inspect-all: choices: - disable - enable description: Deprecated, please rename it to inspect_all. Enable/disable the inspection of all ports for the protocol. type: str options: choices: - oversize - fragmail - no-content-summary - splice description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int ports: description: (list) Ports to scan for content type: raw proxy-after-tcp-handshake: choices: - disable - enable description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy traffic after the TCP 3-way handshake has been es... type: str scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str server-busy: choices: - disable - enable description: Deprecated, please rename it to server_busy. Enable/disable SMTP server busy when server not available. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str status: choices: - disable - enable description: Enable/disable the active status of scanning for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict ssh: description: No description. suboptions: comfort-amount: description: Deprecated, please rename it to comfort_amount. Amount of data to send in a transmission for client comforting type: int comfort-interval: description: Deprecated, please rename it to comfort_interval. Period of time between start, or last transmission, and the next... type: int options: choices: - oversize - clientcomfort - servercomfort description: One or more options that can be applied to the session. elements: str type: list oversize-limit: description: Deprecated, please rename it to oversize_limit. Maximum in-memory file size that can be scanned type: int scan-bzip2: choices: - disable - enable description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning of BZip2 compressed files. type: str ssl-offloaded: choices: - 'no' - 'yes' description: Deprecated, please rename it to ssl_offloaded. SSL decryption and encryption performed by an external device. type: str stream-based-uncompressed-limit: description: Deprecated, please rename it to stream_based_uncompressed_limit. Maximum stream-based uncompressed data size that ... type: int tcp-window-maximum: description: Deprecated, please rename it to tcp_window_maximum. Maximum dynamic TCP window size. type: int tcp-window-minimum: description: Deprecated, please rename it to tcp_window_minimum. Minimum dynamic TCP window size. type: int tcp-window-size: description: Deprecated, please rename it to tcp_window_size. Set TCP static window size. type: int tcp-window-type: choices: - system - static - dynamic - auto-tuning description: Deprecated, please rename it to tcp_window_type. TCP window type to use for this protocol. type: str uncompressed-nest-limit: description: Deprecated, please rename it to uncompressed_nest_limit. Maximum nested levels of compression that can be uncompre... type: int uncompressed-oversize-limit: description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum in-memory uncompressed file size that can be ... type: int type: dict switching-protocols-log: choices: - disable - enable description: Deprecated, please rename it to switching_protocols_log. Enable/disable logging for HTTP/HTTPS switching protocols. type: str type: dict
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list