fortinet.fortios.fortios_icap_profile (2.3.6) — module

Configure ICAP profiles in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the icap feature and profile category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

- name: Configure ICAP profiles.
  fortinet.fortios.fortios_icap_profile:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      icap_profile:
          response_204: "disable"
          size_limit_204: "1"
          chunk_encap: "disable"
          comment: "Comment."
          extension_feature: "scan-progress"
          file_transfer: "ssh"
          file_transfer_failure: "error"
          file_transfer_path: "<your_own_value>"
          file_transfer_server: "<your_own_value> (source icap.server.name icap.server-group.name)"
          icap_block_log: "disable"
          icap_headers:
              -
                  base64_encoding: "disable"
                  content: "<your_own_value>"
                  id: "16"
                  name: "default_name_17"
          methods: "delete"
          name: "default_name_19"
          preview: "disable"
          preview_data_length: "0"
          replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
          request: "disable"
          request_failure: "error"
          request_path: "<your_own_value>"
          request_server: "<your_own_value> (source icap.server.name icap.server-group.name)"
          respmod_default_action: "forward"
          respmod_forward_rules:
              -
                  action: "forward"
                  header_group:
                      -
                          case_sensitivity: "disable"
                          header: "<your_own_value>"
                          header_name: "<your_own_value>"
                          id: "34"
                  host: "myhostname (source firewall.address.name firewall.addrgrp.name firewall.proxy-address.name)"
                  http_resp_status_code:
                      -
                          code: "<your_own_value>"
                  name: "default_name_38"
          response: "disable"
          response_failure: "error"
          response_path: "<your_own_value>"
          response_req_hdr: "disable"
          response_server: "<your_own_value> (source icap.server.name icap.server-group.name)"
          scan_progress_interval: "10"
          streaming_content_bypass: "disable"
          timeout: "30"
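
An added example, not part of the collection's own documentation: a play that keeps the three failure actions fail-closed (`error` rather than `bypass`), keeps block logging on, and refuses to apply a profile that would let traffic skip inspection when the ICAP server cannot be contacted. The host group `fortigates`, the server name `icap-scanner-01`, the profile name, the service paths and the vaulted variable `fortios_access_token` are assumptions; connection settings are expected to come from inventory.

```yaml
- name: Apply a fail-closed ICAP profile
  hosts: fortigates                        # assumed inventory group
  gather_facts: false
  vars:
    vdom: "root"
    icap_profile_spec:                     # hypothetical variable name
      name: "icap-inspect-strict"          # assumed profile name
      comment: "Fail closed when the ICAP server is unreachable."
      request: "enable"
      request_server: "icap-scanner-01"    # assumed existing icap.server entry
      request_path: "reqmod"               # assumed service path
      request_failure: "error"             # do not pass requests uninspected
      response: "enable"
      response_server: "icap-scanner-01"
      response_path: "respmod"             # assumed service path
      response_failure: "error"            # do not pass responses uninspected
      file_transfer_failure: "error"
      respmod_default_action: "forward"
      streaming_content_bypass: "disable"
      icap_block_log: "enable"             # keep a UTM log of blocked content
      timeout: 30
  tasks:
    # Stop before touching the device if a later edit to the variable
    # reintroduces a setting that skips inspection or drops logging.
    - name: Refuse settings that skip inspection
      ansible.builtin.assert:
        that:
          - icap_profile_spec.request_failure == "error"
          - icap_profile_spec.response_failure == "error"
          - icap_profile_spec.file_transfer_failure == "error"
          - icap_profile_spec.respmod_default_action == "forward"
          - icap_profile_spec.streaming_content_bypass == "disable"
          - icap_profile_spec.icap_block_log == "enable"
        fail_msg: "ICAP profile would bypass inspection or drop block logging."

    - name: Configure ICAP profiles.
      fortinet.fortios.fortios_icap_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ fortios_access_token }}"   # assumed Ansible Vault variable
        icap_profile: "{{ icap_profile_spec }}"
```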

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - Parameters marked with member_path are valid for member operations.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from the FortiGate GUI.
    required: false
    type: str

icap_profile:
    default: null
    description:
    - Configure ICAP profiles.
    suboptions:
      chunk_encap:
        choices:
        - disable
        - enable
        description:
        - Enable/disable chunked encapsulation.
        type: str
      comment:
        description:
        - Comment.
        type: str
      extension_feature:
        choices:
        - scan-progress
        description:
        - Enable/disable ICAP extension features.
        elements: str
        type: list
      file_transfer:
        choices:
        - ssh
        - ftp
        description:
        - Configure the file transfer protocols to pass transferred files to an ICAP server
          as REQMOD.
        elements: str
        type: list
      file_transfer_failure:
        choices:
        - error
        - bypass
        description:
        - Action to take if the ICAP server cannot be contacted when processing a file
          transfer.
        type: str
      file_transfer_path:
        description:
        - Path component of the ICAP URI that identifies the file transfer processing
          service.
        type: str
      file_transfer_server:
        description:
        - ICAP server to use for a file transfer. Source icap.server.name icap.server-group.name.
        type: str
      icap_block_log:
        choices:
        - disable
        - enable
        description:
        - Enable/disable UTM log when infection found.
        type: str
      icap_headers:
        description:
        - Configure ICAP forwarded request headers.
        elements: dict
        suboptions:
          base64_encoding:
            choices:
            - disable
            - enable
            description:
            - Enable/disable use of base64 encoding of HTTP content.
            type: str
          content:
            description:
            - HTTP header content.
            type: str
          id:
            description:
            - HTTP forwarded header ID. See Notes.
            required: true
            type: int
          name:
            description:
            - HTTP forwarded header name.
            type: str
        type: list
      methods:
        choices:
        - delete
        - get
        - head
        - options
        - post
        - put
        - trace
        - connect
        - other
        description:
        - The allowed HTTP methods that will be sent to ICAP server for further processing.
        elements: str
        type: list
      name:
        description:
        - ICAP profile name.
        required: true
        type: str
      preview:
        choices:
        - disable
        - enable
        description:
        - Enable/disable preview of data to ICAP server.
        type: str
      preview_data_length:
        description:
        - Preview data length to be sent to ICAP server.
        type: int
      replacemsg_group:
        description:
        - Replacement message group. Source system.replacemsg-group.name.
        type: str
      request:
        choices:
        - disable
        - enable
        description:
        - Enable/disable whether an HTTP request is passed to an ICAP server.
        type: str
      request_failure:
        choices:
        - error
        - bypass
        description:
        - Action to take if the ICAP server cannot be contacted when processing an HTTP
          request.
        type: str
      request_path:
        description:
        - Path component of the ICAP URI that identifies the HTTP request processing service.
        type: str
      request_server:
        description:
        - ICAP server to use for an HTTP request. Source icap.server.name icap.server-group.name.
        type: str
      respmod_default_action:
        choices:
        - forward
        - bypass
        description:
        - Default action to ICAP response modification (respmod) processing.
        type: str
      respmod_forward_rules:
        description:
        - ICAP response mode forward rules.
        elements: dict
        suboptions:
          action:
            choices:
            - forward
            - bypass
            description:
            - Action to be taken for ICAP server.
            type: str
          header_group:
            description:
            - HTTP header group.
            elements: dict
            suboptions:
              case_sensitivity:
                choices:
                - disable
                - enable
                description:
                - Enable/disable case sensitivity when matching header.
                type: str
              header:
                description:
                - HTTP header regular expression.
                type: str
              header_name:
                description:
                - HTTP header.
                type: str
              id:
                description:
                - ID. See Notes.
                required: true
                type: int
            type: list
          host:
            description:
            - Address object for the host. Source firewall.address.name firewall.addrgrp.name
              firewall.proxy-address.name.
            type: str
          http_resp_status_code:
            description:
            - HTTP response status code.
            elements: dict
            suboptions:
              code:
                description:
                - HTTP response status code. See Notes.
                required: true
                type: int
            type: list
          name:
            description:
            - Address name.
            required: true
            type: str
        type: list
      response:
        choices:
        - disable
        - enable
        description:
        - Enable/disable whether an HTTP response is passed to an ICAP server.
        type: str
      response_204:
        choices:
        - disable
        - enable
        description:
        - Enable/disable allowance of 204 response from ICAP server.
        type: str
      response_failure:
        choices:
        - error
        - bypass
        description:
        - Action to take if the ICAP server cannot be contacted when processing an HTTP
          response.
        type: str
      response_path:
        description:
        - Path component of the ICAP URI that identifies the HTTP response processing
          service.
        type: str
      response_req_hdr:
        choices:
        - disable
        - enable
        description:
        - Enable/disable addition of req-hdr for ICAP response modification (respmod)
          processing.
        type: str
      response_server:
        description:
        - ICAP server to use for an HTTP response. Source icap.server.name icap.server-group.name.
        type: str
      scan_progress_interval:
        description:
        - Scan progress interval value.
        type: int
      size_limit_204:
        description:
        - 204 response size limit to be saved by ICAP client in megabytes (1 - 10).
        type: int
      streaming_content_bypass:
        choices:
        - disable
        - enable
        description:
        - Enable/disable bypassing of ICAP server for streaming content.
        type: str
      timeout:
        description:
        - Time (in seconds) that ICAP client waits for the response from ICAP server.
        type: int
    type: dict

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str