Try SpotterAntiPhishing profile.
| "added in version" 2.1.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: AntiPhishing profile.
fortinet.fortimanager.fmgr_webfilter_profile_antiphish:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
webfilter_profile_antiphish:
check_basic_auth: <value in [disable, enable]>
check_uri: <value in [disable, enable]>
custom_patterns:
-
category: <value in [username, password]>
pattern: <string>
type: <value in [regex, literal]>
default_action: <value in [log, block, exempt]>
domain_controller: <string>
inspection_entries:
-
action: <value in [log, block, exempt]>
fortiguard_category: <list or string>
name: <string>
max_body_len: <integer>
status: <value in [disable, enable]>
check_username_only: <value in [disable, enable]>
authentication: <value in [domain-controller, ldap]>
ldap: <string>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
profile:
description: The parameter (profile) in requested url.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
webfilter_profile_antiphish:
description: The top level parameters set.
required: false
suboptions:
authentication:
choices:
- domain-controller
- ldap
description: Authentication methods.
type: str
check-basic-auth:
choices:
- disable
- enable
description: Deprecated, please rename it to check_basic_auth. Enable/disable
checking of HTTP Basic Auth field for known credentials.
type: str
check-uri:
choices:
- disable
- enable
description: Deprecated, please rename it to check_uri. Enable/disable checking
of GET URI parameters for known credentials.
type: str
check-username-only:
choices:
- disable
- enable
description: Deprecated, please rename it to check_username_only. Enable/disable
acting only on valid username credentials.
type: str
custom-patterns:
description: Deprecated, please rename it to custom_patterns.
elements: dict
suboptions:
category:
choices:
- username
- password
description: Category that the pattern matches.
type: str
pattern:
description: Target pattern.
type: str
type:
choices:
- regex
- literal
description: Pattern will be treated either as a regex pattern or literal
string.
type: str
type: list
default-action:
choices:
- log
- block
- exempt
description: Deprecated, please rename it to default_action. Action to be taken
when there is no matching rule.
type: str
domain-controller:
description: Deprecated, please rename it to domain_controller. Domain for which
to verify received credentials against.
type: str
inspection-entries:
description: Deprecated, please rename it to inspection_entries.
elements: dict
suboptions:
action:
choices:
- log
- block
- exempt
description: Action to be taken upon an AntiPhishing match.
type: str
fortiguard-category:
description: (list) Deprecated, please rename it to fortiguard_category.
type: raw
name:
description: Inspection target name.
type: str
type: list
ldap:
description: LDAP server for which to verify received credentials against.
type: str
max-body-len:
description: Deprecated, please rename it to max_body_len. Maximum size of a POST
body to check for credentials.
type: int
status:
choices:
- disable
- enable
description: Toggle AntiPhishing functionality.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list