fortinet / fortinet.fortimanager / 2.4.0 / module / fmgr_webfilter_profile Configure Web filter profiles. | "added in version" 1.0.0 of fortinet.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communityfortinet.fortimanager.fmgr_webfilter_profile (2.4.0) — module
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections: - name: fortinet.fortimanager version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema) hosts: fortimanagers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Configure Web filter profiles. fortinet.fortimanager.fmgr_webfilter_profile: # bypass_validation: false workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 # rc_succeeded: [0, -2, -3, ...] # rc_failed: [-2, -3, ...] adom: <your own value> state: present # <value in [present, absent]> webfilter_profile: comment: <string> extended_log: <value in [disable, enable]> https_replacemsg: <value in [disable, enable]> inspection_mode: <value in [proxy, flow-based, dns]> log_all_url: <value in [disable, enable]> name: <string> options: - block-invalid-url - jscript - js - vbs - unknown - wf-referer - https-scan - intrinsic - wf-cookie - per-user-bwl - activexfilter - cookiefilter - https-url-scan - javafilter - rangeblock - contenttype-check - per-user-bal ovrd_perm: - bannedword-override - urlfilter-override - fortiguard-wf-override - contenttype-check-override post_action: <value in [normal, comfort, block]> replacemsg_group: <string> web_content_log: <value in [disable, enable]> web_extended_all_action_log: <value in [disable, enable]> web_filter_activex_log: <value in [disable, enable]> web_filter_applet_log: <value in [disable, enable]> web_filter_command_block_log: <value in [disable, enable]> web_filter_cookie_log: <value in [disable, enable]> web_filter_cookie_removal_log: <value in [disable, enable]> web_filter_js_log: <value in [disable, enable]> web_filter_jscript_log: <value in [disable, enable]> web_filter_referer_log: <value in [disable, enable]> web_filter_unknown_log: <value in [disable, enable]> web_filter_vbs_log: <value in [disable, enable]> web_ftgd_err_log: <value in [disable, enable]> web_ftgd_quota_usage: <value in [disable, enable]> web_invalid_domain_log: <value in [disable, enable]> web_url_log: <value in [disable, enable]> wisp: <value in [disable, enable]> wisp_algorithm: <value in [auto-learning, primary-secondary, round-robin]> wisp_servers: <list or string> youtube_channel_filter: - channel_id: <string> comment: <string> id: <integer> youtube_channel_status: <value in [disable, blacklist, whitelist]> feature_set: <value in [proxy, flow]> web_antiphishing_log: <value in [disable, enable]> antiphish: check_basic_auth: <value in [disable, enable]> check_uri: <value in [disable, enable]> check_username_only: <value in [disable, enable]> custom_patterns: - category: <value in [username, password]> pattern: <string> type: <value in [regex, literal]> default_action: <value in [log, block, exempt]> domain_controller: <string> inspection_entries: - action: <value in [log, block, exempt]> fortiguard_category: <list or string> name: <string> max_body_len: <integer> status: <value in [disable, enable]> authentication: <value in [domain-controller, ldap]> ldap: <string> ftgd_wf: exempt_quota: <list or string> filters: - action: <value in [block, monitor, warning, ...]> auth_usr_grp: <list or string> category: <string> id: <integer> log: <value in [disable, enable]> override_replacemsg: <string> warn_duration: <string> warning_duration_type: <value in [session, timeout]> warning_prompt: <value in [per-domain, per-category]> max_quota_timeout: <integer> options: - error-allow - http-err-detail - rate-image-urls - strict-blocking - rate-server-ip - redir-block - connect-request-bypass - log-all-url - ftgd-disable ovrd: <list or string> quota: - category: <list or string> duration: <string> id: <integer> override_replacemsg: <string> type: <value in [time, traffic]> unit: <value in [B, KB, MB, ...]> value: <integer> rate_crl_urls: <value in [disable, enable]> rate_css_urls: <value in [disable, enable]> rate_image_urls: <value in [disable, enable]> rate_javascript_urls: <value in [disable, enable]> category_override: <string> override: ovrd_cookie: <value in [deny, allow]> ovrd_dur: <string> ovrd_dur_mode: <value in [constant, ask]> ovrd_scope: <value in [user, user-group, ip, ...]> ovrd_user_group: <list or string> profile: <list or string> profile_attribute: <value in [User-Name, User-Password, CHAP-Password, ...]> profile_type: <value in [list, radius]> url_extraction: redirect_header: <string> redirect_no_content: <value in [disable, enable]> redirect_url: <string> server_fqdn: <string> status: <value in [disable, enable]> web: blacklist: <value in [disable, enable]> bword_table: <string> bword_threshold: <integer> content_header_list: <string> keyword_match: <list or string> log_search: <value in [disable, enable]> safe_search: - google - yahoo - bing - url - header urlfilter_table: <string> whitelist: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others youtube_restrict: <value in [strict, none, moderate]> allowlist: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others blocklist: <value in [disable, enable]> vimeo_restrict: <string> file_filter: entries: - action: <value in [log, block]> comment: <string> direction: <value in [any, incoming, outgoing]> encryption: <value in [any, yes]> file_type: <list or string> filter: <string> password_protected: <value in [any, yes]> protocol: - http - ftp log: <value in [disable, enable]> scan_archive_contents: <value in [disable, enable]> status: <value in [disable, enable]> web_flow_log_encoding: <value in [utf-8, punycode]>
adom: description: The parameter (adom) in requested url. required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int type: list enable_log: default: false description: Enable/Disable logging for task. type: bool access_token: description: The token to access FortiManager without using username and password. type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool webfilter_profile: description: The top level parameters set. required: false suboptions: antiphish: description: No description. suboptions: authentication: choices: - domain-controller - ldap description: Authentication methods. type: str check-basic-auth: choices: - disable - enable description: Deprecated, please rename it to check_basic_auth. Enable/disable checking of HTTP Basic Auth field for known crede... type: str check-uri: choices: - disable - enable description: Deprecated, please rename it to check_uri. Enable/disable checking of GET URI parameters for known credentials. type: str check-username-only: choices: - disable - enable description: Deprecated, please rename it to check_username_only. Enable/disable acting only on valid username credentials. type: str custom-patterns: description: Deprecated, please rename it to custom_patterns. Custom-Patterns. elements: dict suboptions: category: choices: - username - password description: Category that the pattern matches. type: str pattern: description: Target pattern. type: str type: choices: - regex - literal description: Pattern will be treated either as a regex pattern or literal string. type: str type: list default-action: choices: - log - block - exempt description: Deprecated, please rename it to default_action. Action to be taken when there is no matching rule. type: str domain-controller: description: Deprecated, please rename it to domain_controller. Domain for which to verify received credentials against. type: str inspection-entries: description: Deprecated, please rename it to inspection_entries. Inspection-Entries. elements: dict suboptions: action: choices: - log - block - exempt description: Action to be taken upon an AntiPhishing match. type: str fortiguard-category: description: (list) Deprecated, please rename it to fortiguard_category. FortiGuard category to match. type: raw name: description: Inspection target name. type: str type: list ldap: description: LDAP server for which to verify received credentials against. type: str max-body-len: description: Deprecated, please rename it to max_body_len. Maximum size of a POST body to check for credentials. type: int status: choices: - disable - enable description: Toggle AntiPhishing functionality. type: str type: dict comment: description: Optional comments. type: str extended-log: choices: - disable - enable description: Deprecated, please rename it to extended_log. Enable/disable extended logging for web filtering. type: str feature-set: choices: - proxy - flow description: Deprecated, please rename it to feature_set. Flow/proxy feature set. type: str file-filter: description: Deprecated, please rename it to file_filter. suboptions: entries: description: No description. elements: dict suboptions: action: choices: - log - block description: Action taken for matched file. type: str comment: description: Comment. type: str direction: choices: - any - incoming - outgoing description: Match files transmitted in the sessions originating or reply direction. type: str encryption: choices: - any - 'yes' description: No description. type: str file-type: description: (list) Deprecated, please rename it to file_type. type: raw filter: description: Add a file filter. type: str password-protected: choices: - any - 'yes' description: Deprecated, please rename it to password_protected. Match password-protected files. type: str protocol: choices: - http - ftp description: No description. elements: str type: list type: list log: choices: - disable - enable description: Enable/disable file filter logging. type: str scan-archive-contents: choices: - disable - enable description: Deprecated, please rename it to scan_archive_contents. Enable/disable file filter archive contents scan. type: str status: choices: - disable - enable description: Enable/disable file filter. type: str type: dict ftgd-wf: description: Deprecated, please rename it to ftgd_wf. suboptions: category-override: description: Deprecated, please rename it to category_override. Local categories take precedence over FortiGuard categories. type: str exempt-quota: description: (list or str) Deprecated, please rename it to exempt_quota. Do not stop quota for these categories. type: raw filters: description: Filters. elements: dict suboptions: action: choices: - block - monitor - warning - authenticate description: Action to take for matches. type: str auth-usr-grp: description: (list or str) Deprecated, please rename it to auth_usr_grp. Groups with permission to authenticate. type: raw category: description: Categories and groups the filter examines. type: str id: description: ID number. type: int log: choices: - disable - enable description: Enable/disable logging. type: str override-replacemsg: description: Deprecated, please rename it to override_replacemsg. Override replacement message. type: str warn-duration: description: Deprecated, please rename it to warn_duration. Duration of warnings. type: str warning-duration-type: choices: - session - timeout description: Deprecated, please rename it to warning_duration_type. Re-display warning after closing browser or after a... type: str warning-prompt: choices: - per-domain - per-category description: Deprecated, please rename it to warning_prompt. Warning prompts in each category or each domain. type: str type: list max-quota-timeout: description: Deprecated, please rename it to max_quota_timeout. Maximum FortiGuard quota used by single page view in seconds type: int options: choices: - error-allow - http-err-detail - rate-image-urls - strict-blocking - rate-server-ip - redir-block - connect-request-bypass - log-all-url - ftgd-disable description: Options for FortiGuard Web Filter. elements: str type: list ovrd: description: (list or str) Allow web filter profile overrides. type: raw quota: description: Quota. elements: dict suboptions: category: description: (list or str) FortiGuard categories to apply quota to type: raw duration: description: Duration of quota. type: str id: description: ID number. type: int override-replacemsg: description: Deprecated, please rename it to override_replacemsg. Override replacement message. type: str type: choices: - time - traffic description: Quota type. type: str unit: choices: - B - KB - MB - GB description: Traffic quota unit of measurement. type: str value: description: Traffic quota value. type: int type: list rate-crl-urls: choices: - disable - enable description: Deprecated, please rename it to rate_crl_urls. Enable/disable rating CRL by URL. type: str rate-css-urls: choices: - disable - enable description: Deprecated, please rename it to rate_css_urls. Enable/disable rating CSS by URL. type: str rate-image-urls: choices: - disable - enable description: Deprecated, please rename it to rate_image_urls. Enable/disable rating images by URL. type: str rate-javascript-urls: choices: - disable - enable description: Deprecated, please rename it to rate_javascript_urls. Enable/disable rating JavaScript by URL. type: str type: dict https-replacemsg: choices: - disable - enable description: Deprecated, please rename it to https_replacemsg. Enable replacement messages for HTTPS. type: str inspection-mode: choices: - proxy - flow-based - dns description: Deprecated, please rename it to inspection_mode. Web filtering inspection mode. type: str log-all-url: choices: - disable - enable description: Deprecated, please rename it to log_all_url. Enable/disable logging all URLs visited. type: str name: description: Profile name. required: true type: str options: choices: - block-invalid-url - jscript - js - vbs - unknown - wf-referer - https-scan - intrinsic - wf-cookie - per-user-bwl - activexfilter - cookiefilter - https-url-scan - javafilter - rangeblock - contenttype-check - per-user-bal description: Options. elements: str type: list override: description: No description. suboptions: ovrd-cookie: choices: - deny - allow description: Deprecated, please rename it to ovrd_cookie. Allow/deny browser-based type: str ovrd-dur: description: Deprecated, please rename it to ovrd_dur. Override duration. type: str ovrd-dur-mode: choices: - constant - ask description: Deprecated, please rename it to ovrd_dur_mode. Override duration mode. type: str ovrd-scope: choices: - user - user-group - ip - ask - browser description: Deprecated, please rename it to ovrd_scope. Override scope. type: str ovrd-user-group: description: (list or str) Deprecated, please rename it to ovrd_user_group. User groups with permission to use the override. type: raw profile: description: (list or str) Web filter profile with permission to create overrides. type: raw profile-attribute: choices: - User-Name - User-Password - CHAP-Password - NAS-IP-Address - NAS-Port - Service-Type - Framed-Protocol - Framed-IP-Address - Framed-IP-Netmask - Framed-Routing - Filter-Id - Framed-MTU - Framed-Compression - Login-IP-Host - Login-Service - Login-TCP-Port - Reply-Message - Callback-Number - Callback-Id - Framed-Route - Framed-IPX-Network - State - Class - Vendor-Specific - Session-Timeout - Idle-Timeout - Termination-Action - Called-Station-Id - Calling-Station-Id - NAS-Identifier - Proxy-State - Login-LAT-Service - Login-LAT-Node - Login-LAT-Group - Framed-AppleTalk-Link - Framed-AppleTalk-Network - Framed-AppleTalk-Zone - Acct-Status-Type - Acct-Delay-Time - Acct-Input-Octets - Acct-Output-Octets - Acct-Session-Id - Acct-Authentic - Acct-Session-Time - Acct-Input-Packets - Acct-Output-Packets - Acct-Terminate-Cause - Acct-Multi-Session-Id - Acct-Link-Count - CHAP-Challenge - NAS-Port-Type - Port-Limit - Login-LAT-Port description: Deprecated, please rename it to profile_attribute. Profile attribute to retrieve from the RADIUS server. type: str profile-type: choices: - list - radius description: Deprecated, please rename it to profile_type. Override profile type. type: str type: dict ovrd-perm: choices: - bannedword-override - urlfilter-override - fortiguard-wf-override - contenttype-check-override description: Deprecated, please rename it to ovrd_perm. Permitted override types. elements: str type: list post-action: choices: - normal - comfort - block description: Deprecated, please rename it to post_action. Action taken for HTTP POST traffic. type: str replacemsg-group: description: Deprecated, please rename it to replacemsg_group. Replacement message group. type: str url-extraction: description: Deprecated, please rename it to url_extraction. suboptions: redirect-header: description: Deprecated, please rename it to redirect_header. HTTP header name to use for client redirect on blocked requests type: str redirect-no-content: choices: - disable - enable description: Deprecated, please rename it to redirect_no_content. Enable / Disable empty message-body entity in HTTP response type: str redirect-url: description: Deprecated, please rename it to redirect_url. HTTP header value to use for client redirect on blocked requests type: str server-fqdn: description: Deprecated, please rename it to server_fqdn. URL extraction server FQDN type: str status: choices: - disable - enable description: Enable URL Extraction type: str type: dict web: description: No description. suboptions: allowlist: choices: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others description: FortiGuard allowlist settings. elements: str type: list blacklist: choices: - disable - enable description: Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str blocklist: choices: - disable - enable description: Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. type: str bword-table: description: Deprecated, please rename it to bword_table. Banned word table ID. type: str bword-threshold: description: Deprecated, please rename it to bword_threshold. Banned word score threshold. type: int content-header-list: description: Deprecated, please rename it to content_header_list. Content header list. type: str keyword-match: description: (list) Deprecated, please rename it to keyword_match. Search keywords to log when match is found. type: raw log-search: choices: - disable - enable description: Deprecated, please rename it to log_search. Enable/disable logging all search phrases. type: str safe-search: choices: - google - yahoo - bing - url - header description: Deprecated, please rename it to safe_search. Safe search type. elements: str type: list urlfilter-table: description: Deprecated, please rename it to urlfilter_table. URL filter table ID. type: str vimeo-restrict: description: Deprecated, please rename it to vimeo_restrict. Set Vimeo-restrict type: str whitelist: choices: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others description: FortiGuard whitelist settings. elements: str type: list youtube-restrict: choices: - strict - none - moderate description: Deprecated, please rename it to youtube_restrict. YouTube EDU filter level. type: str type: dict web-antiphishing-log: choices: - disable - enable description: Deprecated, please rename it to web_antiphishing_log. Enable/disable logging of AntiPhishing checks. type: str web-content-log: choices: - disable - enable description: Deprecated, please rename it to web_content_log. Enable/disable logging logging blocked web content. type: str web-extended-all-action-log: choices: - disable - enable description: Deprecated, please rename it to web_extended_all_action_log. Enable/disable extended any filter action logging for web fil... type: str web-filter-activex-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_activex_log. Enable/disable logging ActiveX. type: str web-filter-applet-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_applet_log. Enable/disable logging Java applets. type: str web-filter-command-block-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_command_block_log. Enable/disable logging blocked commands. type: str web-filter-cookie-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_cookie_log. Enable/disable logging cookie filtering. type: str web-filter-cookie-removal-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_cookie_removal_log. Enable/disable logging blocked cookies. type: str web-filter-js-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_js_log. Enable/disable logging Java scripts. type: str web-filter-jscript-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_jscript_log. Enable/disable logging JScripts. type: str web-filter-referer-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_referer_log. Enable/disable logging referrers. type: str web-filter-unknown-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_unknown_log. Enable/disable logging unknown scripts. type: str web-filter-vbs-log: choices: - disable - enable description: Deprecated, please rename it to web_filter_vbs_log. Enable/disable logging VBS scripts. type: str web-flow-log-encoding: choices: - utf-8 - punycode description: Deprecated, please rename it to web_flow_log_encoding. Log encoding in flow mode. type: str web-ftgd-err-log: choices: - disable - enable description: Deprecated, please rename it to web_ftgd_err_log. Enable/disable logging rating errors. type: str web-ftgd-quota-usage: choices: - disable - enable description: Deprecated, please rename it to web_ftgd_quota_usage. Enable/disable logging daily quota usage. type: str web-invalid-domain-log: choices: - disable - enable description: Deprecated, please rename it to web_invalid_domain_log. Enable/disable logging invalid domain names. type: str web-url-log: choices: - disable - enable description: Deprecated, please rename it to web_url_log. Enable/disable logging URL filtering. type: str wisp: choices: - disable - enable description: Enable/disable web proxy WISP. type: str wisp-algorithm: choices: - auto-learning - primary-secondary - round-robin description: Deprecated, please rename it to wisp_algorithm. WISP server selection algorithm. type: str wisp-servers: description: (list or str) Deprecated, please rename it to wisp_servers. WISP servers. type: raw youtube-channel-filter: description: Deprecated, please rename it to youtube_channel_filter. Youtube-Channel-Filter. elements: dict suboptions: channel-id: description: Deprecated, please rename it to channel_id. YouTube channel ID to be filtered. type: str comment: description: Comment. type: str id: description: ID. type: int type: list youtube-channel-status: choices: - disable - blacklist - whitelist description: Deprecated, please rename it to youtube_channel_status. YouTube channel filter status. type: str type: dict workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list