fortinet / fortinet.fortimanager / 2.4.0 / module / fmgr_widsprofile Configure wireless intrusion detection system | "added in version" 2.0.0 of fortinet.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communityfortinet.fortimanager.fmgr_widsprofile (2.4.0) — module
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections: - name: fortinet.fortimanager version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema) hosts: fortimanagers connection: httpapi vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Configure wireless intrusion detection system fortinet.fortimanager.fmgr_widsprofile: # bypass_validation: false workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 # rc_succeeded: [0, -2, -3, ...] # rc_failed: [-2, -3, ...] adom: <your own value> state: present # <value in [present, absent]> widsprofile: ap_auto_suppress: <value in [disable, enable]> ap_bgscan_disable_day: - sunday - monday - tuesday - wednesday - thursday - friday - saturday ap_bgscan_disable_end: <string> ap_bgscan_disable_start: <string> ap_bgscan_duration: <integer> ap_bgscan_idle: <integer> ap_bgscan_intv: <integer> ap_bgscan_period: <integer> ap_bgscan_report_intv: <integer> ap_fgscan_report_intv: <integer> ap_scan: <value in [disable, enable]> ap_scan_passive: <value in [disable, enable]> asleap_attack: <value in [disable, enable]> assoc_flood_thresh: <integer> assoc_flood_time: <integer> assoc_frame_flood: <value in [disable, enable]> auth_flood_thresh: <integer> auth_flood_time: <integer> auth_frame_flood: <value in [disable, enable]> comment: <string> deauth_broadcast: <value in [disable, enable]> deauth_unknown_src_thresh: <integer> eapol_fail_flood: <value in [disable, enable]> eapol_fail_intv: <integer> eapol_fail_thresh: <integer> eapol_logoff_flood: <value in [disable, enable]> eapol_logoff_intv: <integer> eapol_logoff_thresh: <integer> eapol_pre_fail_flood: <value in [disable, enable]> eapol_pre_fail_intv: <integer> eapol_pre_fail_thresh: <integer> eapol_pre_succ_flood: <value in [disable, enable]> eapol_pre_succ_intv: <integer> eapol_pre_succ_thresh: <integer> eapol_start_flood: <value in [disable, enable]> eapol_start_intv: <integer> eapol_start_thresh: <integer> eapol_succ_flood: <value in [disable, enable]> eapol_succ_intv: <integer> eapol_succ_thresh: <integer> invalid_mac_oui: <value in [disable, enable]> long_duration_attack: <value in [disable, enable]> long_duration_thresh: <integer> name: <string> null_ssid_probe_resp: <value in [disable, enable]> sensor_mode: <value in [disable, foreign, both]> spoofed_deauth: <value in [disable, enable]> weak_wep_iv: <value in [disable, enable]> wireless_bridge: <value in [disable, enable]> ap_bgscan_disable_schedules: <list or string> rogue_scan: <value in [disable, enable]> ap_scan_threshold: <string> ap_scan_channel_list_2G_5G: <list or string> ap_scan_channel_list_6G: <list or string>
adom: description: The parameter (adom) in requested url. required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int type: list enable_log: default: false description: Enable/Disable logging for task. type: bool widsprofile: description: The top level parameters set. required: false suboptions: ap-auto-suppress: choices: - disable - enable description: Deprecated, please rename it to ap_auto_suppress. Enable/disable on-wire rogue AP auto-suppression type: str ap-bgscan-disable-day: choices: - sunday - monday - tuesday - wednesday - thursday - friday - saturday description: Deprecated, please rename it to ap_bgscan_disable_day. Ap-Bgscan-Disable-Day. elements: str type: list ap-bgscan-disable-end: description: Deprecated, please rename it to ap_bgscan_disable_end. End time, using a 24-hour clock in the format of hh type: str ap-bgscan-disable-schedules: description: (list or str) Deprecated, please rename it to ap_bgscan_disable_schedules. Firewall schedules for turning off FortiAP radi... type: raw ap-bgscan-disable-start: description: Deprecated, please rename it to ap_bgscan_disable_start. Start time, using a 24-hour clock in the format of hh type: str ap-bgscan-duration: description: Deprecated, please rename it to ap_bgscan_duration. Listening time on a scanning channel type: int ap-bgscan-idle: description: Deprecated, please rename it to ap_bgscan_idle. Waiting time for channel inactivity before scanning this channel type: int ap-bgscan-intv: description: Deprecated, please rename it to ap_bgscan_intv. Period of time between scanning two channels type: int ap-bgscan-period: description: Deprecated, please rename it to ap_bgscan_period. Period of time between background scans type: int ap-bgscan-report-intv: description: Deprecated, please rename it to ap_bgscan_report_intv. Period of time between background scan reports type: int ap-fgscan-report-intv: description: Deprecated, please rename it to ap_fgscan_report_intv. Period of time between foreground scan reports type: int ap-scan: choices: - disable - enable description: Deprecated, please rename it to ap_scan. Enable/disable rogue AP detection. type: str ap-scan-channel-list-2G-5G: description: (list) Deprecated, please rename it to ap_scan_channel_list_2G_5G. type: raw ap-scan-channel-list-6G: description: (list) Deprecated, please rename it to ap_scan_channel_list_6G. type: raw ap-scan-passive: choices: - disable - enable description: Deprecated, please rename it to ap_scan_passive. Enable/disable passive scanning. type: str ap-scan-threshold: description: Deprecated, please rename it to ap_scan_threshold. Minimum signal level/threshold in dBm required for the AP to report det... type: str asleap-attack: choices: - disable - enable description: Deprecated, please rename it to asleap_attack. Enable/disable asleap attack detection type: str assoc-flood-thresh: description: Deprecated, please rename it to assoc_flood_thresh. The threshold value for association frame flooding. type: int assoc-flood-time: description: Deprecated, please rename it to assoc_flood_time. Number of seconds after which a station is considered not connected. type: int assoc-frame-flood: choices: - disable - enable description: Deprecated, please rename it to assoc_frame_flood. Enable/disable association frame flooding detection type: str auth-flood-thresh: description: Deprecated, please rename it to auth_flood_thresh. The threshold value for authentication frame flooding. type: int auth-flood-time: description: Deprecated, please rename it to auth_flood_time. Number of seconds after which a station is considered not connected. type: int auth-frame-flood: choices: - disable - enable description: Deprecated, please rename it to auth_frame_flood. Enable/disable authentication frame flooding detection type: str comment: description: Comment. type: str deauth-broadcast: choices: - disable - enable description: Deprecated, please rename it to deauth_broadcast. Enable/disable broadcasting de-authentication detection type: str deauth-unknown-src-thresh: description: Deprecated, please rename it to deauth_unknown_src_thresh. Threshold value per second to deauth unknown src for DoS attack type: int eapol-fail-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_fail_flood. Enable/disable EAPOL-Failure flooding type: str eapol-fail-intv: description: Deprecated, please rename it to eapol_fail_intv. The detection interval for EAPOL-Failure flooding type: int eapol-fail-thresh: description: Deprecated, please rename it to eapol_fail_thresh. The threshold value for EAPOL-Failure flooding in specified interval. type: int eapol-logoff-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_logoff_flood. Enable/disable EAPOL-Logoff flooding type: str eapol-logoff-intv: description: Deprecated, please rename it to eapol_logoff_intv. The detection interval for EAPOL-Logoff flooding type: int eapol-logoff-thresh: description: Deprecated, please rename it to eapol_logoff_thresh. The threshold value for EAPOL-Logoff flooding in specified interval. type: int eapol-pre-fail-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_pre_fail_flood. Enable/disable premature EAPOL-Failure flooding type: str eapol-pre-fail-intv: description: Deprecated, please rename it to eapol_pre_fail_intv. The detection interval for premature EAPOL-Failure flooding type: int eapol-pre-fail-thresh: description: Deprecated, please rename it to eapol_pre_fail_thresh. The threshold value for premature EAPOL-Failure flooding in specifi... type: int eapol-pre-succ-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_pre_succ_flood. Enable/disable premature EAPOL-Success flooding type: str eapol-pre-succ-intv: description: Deprecated, please rename it to eapol_pre_succ_intv. The detection interval for premature EAPOL-Success flooding type: int eapol-pre-succ-thresh: description: Deprecated, please rename it to eapol_pre_succ_thresh. The threshold value for premature EAPOL-Success flooding in specifi... type: int eapol-start-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_start_flood. Enable/disable EAPOL-Start flooding type: str eapol-start-intv: description: Deprecated, please rename it to eapol_start_intv. The detection interval for EAPOL-Start flooding type: int eapol-start-thresh: description: Deprecated, please rename it to eapol_start_thresh. The threshold value for EAPOL-Start flooding in specified interval. type: int eapol-succ-flood: choices: - disable - enable description: Deprecated, please rename it to eapol_succ_flood. Enable/disable EAPOL-Success flooding type: str eapol-succ-intv: description: Deprecated, please rename it to eapol_succ_intv. The detection interval for EAPOL-Success flooding type: int eapol-succ-thresh: description: Deprecated, please rename it to eapol_succ_thresh. The threshold value for EAPOL-Success flooding in specified interval. type: int invalid-mac-oui: choices: - disable - enable description: Deprecated, please rename it to invalid_mac_oui. Enable/disable invalid MAC OUI detection. type: str long-duration-attack: choices: - disable - enable description: Deprecated, please rename it to long_duration_attack. Enable/disable long duration attack detection based on user configur... type: str long-duration-thresh: description: Deprecated, please rename it to long_duration_thresh. Threshold value for long duration attack detection type: int name: description: WIDS profile name. required: true type: str null-ssid-probe-resp: choices: - disable - enable description: Deprecated, please rename it to null_ssid_probe_resp. Enable/disable null SSID probe response detection type: str rogue-scan: choices: - disable - enable description: Deprecated, please rename it to rogue_scan. Enable/disable rogue AP on-wire scan. type: str sensor-mode: choices: - disable - foreign - both description: Deprecated, please rename it to sensor_mode. Scan WiFi nearby stations type: str spoofed-deauth: choices: - disable - enable description: Deprecated, please rename it to spoofed_deauth. Enable/disable spoofed de-authentication attack detection type: str weak-wep-iv: choices: - disable - enable description: Deprecated, please rename it to weak_wep_iv. Enable/disable weak WEP IV type: str wireless-bridge: choices: - disable - enable description: Deprecated, please rename it to wireless_bridge. Enable/disable wireless bridge detection type: str type: dict access_token: description: The token to access FortiManager without using username and password. type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list