fortinet.fortios.fortios_system_fortiguard (2.3.6) — module

Configure FortiGuard services in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortiguard category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
# Reference example: it lists every suboption with a sample value and is not a
# recommended baseline. Keep only the keys you intend to manage and review each
# value before applying it to a device.
- name: Configure FortiGuard services.
  fortinet.fortios.fortios_system_fortiguard:
      vdom: "{{ vdom }}"
      system_fortiguard:
          antispam_cache: "enable"
          antispam_cache_mpercent: "2"
          antispam_cache_mpermille: "1"
          antispam_cache_ttl: "1800"
          antispam_expiration: "0"
          # Per the option description, "enable" here turns the FortiGuard antispam
          # service OFF; set "disable" unless switching the service off is intended.
          antispam_force_off: "enable"
          antispam_license: "4294967295"
          antispam_timeout: "7"
          anycast_sdns_server_ip: "<your_own_value>"
          anycast_sdns_server_port: "853"
          # Patch-level firmware is installed automatically inside the start/end hour
          # window below; align the day and window with your change-control process.
          auto_firmware_upgrade: "enable"
          auto_firmware_upgrade_day: "sunday"
          auto_firmware_upgrade_delay: "3"
          auto_firmware_upgrade_end_hour: "4"
          auto_firmware_upgrade_start_hour: "1"
          # Connects and logs the device in to FortiCloud automatically; confirm that
          # this enrollment is intended before keeping the key.
          auto_join_forticloud: "enable"
          ddns_server_ip: "<your_own_value>"
          ddns_server_ip6: "<your_own_value>"
          ddns_server_port: "443"
          FDS_license_expiring_days: "15"
          fortiguard_anycast: "enable"
          fortiguard_anycast_source: "fortinet"
          interface: "<your_own_value> (source system.interface.name)"
          interface_select_method: "auto"
          load_balance_servers: "1"
          outbreak_prevention_cache: "enable"
          outbreak_prevention_cache_mpercent: "2"
          outbreak_prevention_cache_mpermille: "1"
          outbreak_prevention_cache_ttl: "300"
          outbreak_prevention_expiration: "0"
          # Per the option description, "enable" here turns the FortiGuard Virus
          # Outbreak Prevention service OFF; set "disable" unless that is intended.
          outbreak_prevention_force_off: "enable"
          outbreak_prevention_license: "4294967295"
          outbreak_prevention_timeout: "7"
          persistent_connection: "enable"
          # NOTE(review): port also accepts 53, 80 and 443, and protocol also accepts
          # http and https; confirm the transport your policy requires instead of
          # keeping the sample pair.
          port: "8888"
          protocol: "udp"
          # Secret: reference a vaulted variable (Ansible Vault or another secret
          # store) instead of a literal, and consider `no_log: true` on the task so
          # the value is not echoed in task output.
          proxy_password: "<your_own_value>"
          proxy_server_ip: "<your_own_value>"
          proxy_server_port: "0"
          proxy_username: "<your_own_value>"
          sandbox_inline_scan: "enable"
          sandbox_region: "<your_own_value>"
          sdns_options: "include-question-section"
          sdns_server_ip: "<your_own_value>"
          sdns_server_port: "53"
          service_account_id: "<your_own_value>"
          # Sample address, not a placeholder; replace it with an address that
          # belongs to the device, or drop the key.
          source_ip: "84.230.14.43"
          source_ip6: "<your_own_value>"
          update_build_proxy: "enable"
          update_dldb: "enable"
          update_extdb: "enable"
          update_ffdb: "enable"
          update_server_location: "automatic"
          update_uwdb: "enable"
          vdom: "<your_own_value> (source system.vdom.name)"
          videofilter_expiration: "0"
          videofilter_license: "4294967295"
          webfilter_cache: "enable"
          webfilter_cache_ttl: "3600"
          webfilter_expiration: "0"
          # Per the option description, "enable" here turns the FortiGuard web
          # filtering service OFF; set "disable" unless that is intended.
          webfilter_force_off: "enable"
          webfilter_license: "4294967295"
          webfilter_timeout: "15"

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from the FortiGate GUI.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

system_fortiguard:
    default: null
    description:
    - Configure FortiGuard services.
    suboptions:
      FDS_license_expiring_days:
        description:
        - Threshold for number of days before FortiGuard license expiration to generate
          license expiring event log (1 - 100 days).
        type: int
      antispam_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory
          but improves performance.
        type: str
      antispam_cache_mpercent:
        description:
        - Maximum percentage of FortiGate memory the antispam cache is allowed to use
          (1 - 15).
        type: int
      antispam_cache_mpermille:
        description:
        - Maximum permille of FortiGate memory the antispam cache is allowed to use (1
          - 150).
        type: int
      antispam_cache_ttl:
        description:
        - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times
          reduce the cache size. Higher times may improve performance since the cache
          will have more entries.
        type: int
      antispam_expiration:
        description:
        - Expiration date of the FortiGuard antispam contract.
        type: int
      antispam_force_off:
        choices:
        - enable
        - disable
        description:
        - Enable/disable turning off the FortiGuard antispam service.
        type: str
      antispam_license:
        description:
        - Interval of time between license checks for the FortiGuard antispam contract.
        type: int
      antispam_timeout:
        description:
        - Antispam query time out (1 - 30 sec).
        type: int
      anycast_sdns_server_ip:
        description:
        - IP address of the FortiGuard anycast DNS rating server.
        type: str
      anycast_sdns_server_port:
        description:
        - Port to connect to on the FortiGuard anycast DNS rating server.
        type: int
      auto_firmware_upgrade:
        choices:
        - enable
        - disable
        description:
        - Enable/disable automatic patch-level firmware upgrade from FortiGuard. The FortiGate
          unit searches for new patches only in the same major and minor version.
        type: str
      auto_firmware_upgrade_day:
        choices:
        - sunday
        - monday
        - tuesday
        - wednesday
        - thursday
        - friday
        - saturday
        description:
        - Allowed day(s) of the week to install an automatic patch-level firmware upgrade
          from FortiGuard. Disallow any day of the week to use auto-firmware-upgrade-delay
          instead, which waits for designated days before installing an automatic patch-level
          firmware upgrade.
        elements: str
        type: list
      auto_firmware_upgrade_delay:
        description:
        - Delay in day(s) before installing an automatic patch-level firmware upgrade
          from FortiGuard.
        type: int
      auto_firmware_upgrade_end_hour:
        description:
        - End time in the designated time window for automatic patch-level firmware upgrade
          from FortiGuard in 24 hour time (0 ~ 23). When the end time is smaller than
          the start time, the end time is interpreted as the next day. The actual upgrade
          time is selected randomly within the time window.
        type: int
      auto_firmware_upgrade_start_hour:
        description:
        - Start time in the designated time window for automatic patch-level firmware
          upgrade from FortiGuard in 24 hour time (0 ~ 23). The actual upgrade time is
          selected randomly within the time window.
        type: int
      auto_join_forticloud:
        choices:
        - enable
        - disable
        description:
        - Automatically connect to and log in to FortiCloud.
        type: str
      ddns_server_ip:
        description:
        - IP address of the FortiDDNS server.
        type: str
      ddns_server_ip6:
        description:
        - IPv6 address of the FortiDDNS server.
        type: str
      ddns_server_port:
        description:
        - Port used to communicate with FortiDDNS servers.
        type: int
      fortiguard_anycast:
        choices:
        - enable
        - disable
        description:
        - Enable/disable use of FortiGuard's Anycast network.
        type: str
      fortiguard_anycast_source:
        choices:
        - fortinet
        - aws
        - debug
        description:
        - Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's
          anycast network. Default is Fortinet.
        type: str
      interface:
        description:
        - Specify outgoing interface to reach server. Source system.interface.name.
        type: str
      interface_select_method:
        choices:
        - auto
        - sdwan
        - specify
        description:
        - Specify how to select outgoing interface to reach server.
        type: str
      load_balance_servers:
        description:
        - Number of servers to alternate between as first FortiGuard option.
        type: int
      outbreak_prevention_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard Virus Outbreak Prevention cache.
        type: str
      outbreak_prevention_cache_mpercent:
        description:
        - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use
          (1 - 15%).
        type: int
      outbreak_prevention_cache_mpermille:
        description:
        - Maximum permille of memory FortiGuard Virus Outbreak Prevention cache can use
          (1 - 150 permille).
        type: int
      outbreak_prevention_cache_ttl:
        description:
        - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400
          sec).
        type: int
      outbreak_prevention_expiration:
        description:
        - Expiration date of FortiGuard Virus Outbreak Prevention contract.
        type: int
      outbreak_prevention_force_off:
        choices:
        - enable
        - disable
        description:
        - Turn off FortiGuard Virus Outbreak Prevention service.
        type: str
      outbreak_prevention_license:
        description:
        - Interval of time between license checks for FortiGuard Virus Outbreak Prevention
          contract.
        type: int
      outbreak_prevention_timeout:
        description:
        - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec).
        type: int
      persistent_connection:
        choices:
        - enable
        - disable
        description:
        - Enable/disable use of persistent connection to receive update notification from
          FortiGuard.
        type: str
      port:
        choices:
        - '8888'
        - '53'
        - '80'
        - '443'
        description:
        - Port used to communicate with the FortiGuard servers.
        type: str
      protocol:
        choices:
        - udp
        - http
        - https
        description:
        - Protocol used to communicate with the FortiGuard servers.
        type: str
      proxy_password:
        description:
        - Proxy user password.
        type: str
      proxy_server_ip:
        description:
        - Hostname or IPv4 address of the proxy server.
        type: str
      proxy_server_port:
        description:
        - Port used to communicate with the proxy server.
        type: int
      proxy_username:
        description:
        - Proxy user name.
        type: str
      sandbox_inline_scan:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiCloud Sandbox inline-scan.
        type: str
      sandbox_region:
        description:
        - FortiCloud Sandbox region.
        type: str
      sdns_options:
        choices:
        - include-question-section
        description:
        - Customization options for the FortiGuard DNS service.
        elements: str
        type: list
      sdns_server_ip:
        description:
        - IP address of the FortiGuard DNS rating server.
        elements: str
        type: list
      sdns_server_port:
        description:
        - Port to connect to on the FortiGuard DNS rating server.
        type: int
      service_account_id:
        description:
        - Service account ID.
        type: str
      source_ip:
        description:
        - Source IPv4 address used to communicate with FortiGuard.
        type: str
      source_ip6:
        description:
        - Source IPv6 address used to communicate with FortiGuard.
        type: str
      update_build_proxy:
        choices:
        - enable
        - disable
        description:
        - Enable/disable proxy dictionary rebuild.
        type: str
      update_dldb:
        choices:
        - enable
        - disable
        description:
        - Enable/disable DLP signature update.
        type: str
      update_extdb:
        choices:
        - enable
        - disable
        description:
        - Enable/disable external resource update.
        type: str
      update_ffdb:
        choices:
        - enable
        - disable
        description:
        - Enable/disable Internet Service Database update.
        type: str
      update_server_location:
        choices:
        - automatic
        - usa
        - eu
        - any
        description:
        - Location from which to receive FortiGuard updates.
        type: str
      update_uwdb:
        choices:
        - enable
        - disable
        description:
        - Enable/disable allowlist update.
        type: str
      vdom:
        description:
        - FortiGuard Service virtual domain name. Source system.vdom.name.
        type: str
      videofilter_expiration:
        description:
        - Expiration date of the FortiGuard video filter contract.
        type: int
      videofilter_license:
        description:
        - Interval of time between license checks for the FortiGuard video filter contract.
        type: int
      webfilter_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable FortiGuard web filter caching.
        type: str
      webfilter_cache_ttl:
        description:
        - Time-to-live for web filter cache entries in seconds (300 - 86400).
        type: int
      webfilter_expiration:
        description:
        - Expiration date of the FortiGuard web filter contract.
        type: int
      webfilter_force_off:
        choices:
        - enable
        - disable
        description:
        - Enable/disable turning off the FortiGuard web filtering service.
        type: str
      webfilter_license:
        description:
        - Interval of time between license checks for the FortiGuard web filter contract.
        type: int
      webfilter_timeout:
        description:
        - Web filter query time out (1 - 30 sec).
        type: int
    type: dict

Outputs

build:
  description: Build number of the FortiGate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str