Try SpotterConfigure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify endpoint_control feature and fctems category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure FortiClient Enterprise Management Server (EMS) entries.
fortinet.fortios.fortios_endpoint_control_fctems:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
endpoint_control_fctems:
admin_password: "<your_own_value>"
admin_username: "<your_own_value>"
call_timeout: "30"
capabilities: "fabric-auth"
certificate: "<your_own_value> (source certificate.remote.name)"
cloud_server_type: "production"
dirty_reason: "none"
ems_id: "<you_own_value>"
fortinetone_cloud_authentication: "enable"
https_port: "443"
interface: "<your_own_value> (source system.interface.name)"
interface_select_method: "auto"
name: "default_name_15"
out_of_sync_threshold: "180"
preserve_ssl_session: "enable"
pull_avatars: "enable"
pull_malware_hash: "enable"
pull_sysinfo: "enable"
pull_tags: "enable"
pull_vulnerabilities: "enable"
send_tags_to_all_vdoms: "enable"
serial_number: "<your_own_value>"
server: "192.168.100.40"
source_ip: "84.230.14.43"
status: "enable"
status_check_interval: "90"
tenant_id: "<your_own_value>"
trust_ca_cn: "enable"
verifying_ca: "<your_own_value> (source certificate.ca.name vpn.certificate.ca.name)"
websocket_override: "enable"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
endpoint_control_fctems:
default: null
description:
- Configure FortiClient Enterprise Management Server (EMS) entries.
suboptions:
admin_password:
description:
- FortiClient EMS admin password.
type: str
admin_username:
description:
- FortiClient EMS admin username.
type: str
call_timeout:
description:
- FortiClient EMS call timeout in seconds (1 - 180 seconds).
type: int
capabilities:
choices:
- fabric-auth
- silent-approval
- websocket
- websocket-malware
- push-ca-certs
- common-tags-api
- tenant-id
- client-avatars
- single-vdom-connector
description:
- List of EMS capabilities.
elements: str
type: list
certificate:
description:
- FortiClient EMS certificate. Source certificate.remote.name.
type: str
cloud_server_type:
choices:
- production
- alpha
- beta
description:
- Cloud server type.
type: str
dirty_reason:
choices:
- none
- mismatched-ems-sn
description:
- Dirty Reason for FortiClient EMS.
type: str
ems_id:
description:
- EMS ID in order (1 - 7). see <a href='#notes'>Notes</a>.
required: true
type: int
fortinetone_cloud_authentication:
choices:
- enable
- disable
description:
- Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account.
type: str
https_port:
description:
- FortiClient EMS HTTPS access port number. (1 - 65535).
type: int
interface:
description:
- Specify outgoing interface to reach server. Source system.interface.name.
type: str
interface_select_method:
choices:
- auto
- sdwan
- specify
description:
- Specify how to select outgoing interface to reach server.
type: str
name:
description:
- FortiClient Enterprise Management Server (EMS) name.
type: str
out_of_sync_threshold:
description:
- Outdated resource threshold in seconds (10 - 3600).
type: int
preserve_ssl_session:
choices:
- enable
- disable
description:
- Enable/disable preservation of EMS SSL session connection. Warning, most users
should not touch this setting.
type: str
pull_avatars:
choices:
- enable
- disable
description:
- Enable/disable pulling avatars from EMS.
type: str
pull_malware_hash:
choices:
- enable
- disable
description:
- Enable/disable pulling FortiClient malware hash from EMS.
type: str
pull_sysinfo:
choices:
- enable
- disable
description:
- Enable/disable pulling SysInfo from EMS.
type: str
pull_tags:
choices:
- enable
- disable
description:
- Enable/disable pulling FortiClient user tags from EMS.
type: str
pull_vulnerabilities:
choices:
- enable
- disable
description:
- Enable/disable pulling vulnerabilities from EMS.
type: str
send_tags_to_all_vdoms:
choices:
- enable
- disable
description:
- Relax restrictions on tags to send all EMS tags to all VDOMs
type: str
serial_number:
description:
- EMS Serial Number.
type: str
server:
description:
- FortiClient EMS FQDN or IPv4 address.
type: str
source_ip:
description:
- REST API call source IP.
type: str
status:
choices:
- enable
- disable
description:
- Enable or disable this EMS configuration.
type: str
status_check_interval:
description:
- FortiClient EMS call timeout in seconds (1 - 120 seconds).
type: int
tenant_id:
description:
- EMS Tenant ID.
type: str
trust_ca_cn:
choices:
- enable
- disable
description:
- Enable/disable trust of the EMS certificate issuer(CA) and common name(CN) for
certificate auto-renewal.
type: str
verifying_ca:
description:
- Lowest CA cert on Fortigate in verified EMS cert chain. Source certificate.ca.name
vpn.certificate.ca.name.
type: str
websocket_override:
choices:
- enable
- disable
description:
- Enable/disable override behavior for how this FortiGate unit connects to EMS
using a WebSocket connection.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str