lix_fortinet.fortios.fortios_endpoint_control_profile (102.2.120) — module

Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the endpoint_control feature and profile category. The examples include all parameters; values need to be adjusted to your datasources before use. Tested with FOS v6.0.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # "no" skips TLS certificate verification of the FortiGate; use "yes" outside a lab.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiClient endpoint control profiles.
      fortios_endpoint_control_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # API token and the preshared_key values below are secrets; supply them from Ansible Vault.
        access_token: "<your_own_value>"
        endpoint_control_profile:
          description: "<your_own_value>"
          device_groups:
            - name: "default_name_5 (source user.device-group.name user.device-category.name)"
          forticlient_android_settings:
            disable_wf_when_protected: "enable"
            forticlient_advanced_vpn: "enable"
            forticlient_advanced_vpn_buffer: "<your_own_value>"
            forticlient_vpn_provisioning: "enable"
            forticlient_vpn_settings:
              - auth_method: "psk"
                name: "default_name_13"
                preshared_key: "<your_own_value>"
                remote_gw: "<your_own_value>"
                sslvpn_access_port: "32767"
                sslvpn_require_certificate: "enable"
                type: "ipsec"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_ios_settings:
            client_vpn_provisioning: "enable"
            client_vpn_settings:
              - auth_method: "psk"
                name: "default_name_25"
                preshared_key: "<your_own_value>"
                remote_gw: "<your_own_value>"
                sslvpn_access_port: "32767"
                sslvpn_require_certificate: "enable"
                type: "ipsec"
                vpn_configuration_content: "<your_own_value>"
                vpn_configuration_name: "<your_own_value>"
            configuration_content: "<your_own_value>"
            configuration_name: "<your_own_value>"
            disable_wf_when_protected: "enable"
            distribute_configuration_profile: "enable"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
          forticlient_winmac_settings:
            av_realtime_protection: "enable"
            av_signature_up_to_date: "enable"
            forticlient_application_firewall: "enable"
            forticlient_application_firewall_list: "<your_own_value> (source application.list.name)"
            forticlient_av: "enable"
            forticlient_ems_compliance: "enable"
            forticlient_ems_compliance_action: "block"
            forticlient_ems_entries:
              - name: "default_name_48 (source endpoint-control.forticlient-ems.name)"
            forticlient_linux_ver: "<your_own_value>"
            forticlient_log_upload: "enable"
            forticlient_log_upload_level: "traffic"
            forticlient_log_upload_server: "<your_own_value>"
            forticlient_mac_ver: "<your_own_value>"
            forticlient_minimum_software_version: "enable"
            forticlient_operating_system:
              - id: "56"
                os_name: "<your_own_value>"
                os_type: "custom"
            forticlient_own_file:
              - file: "<your_own_value>"
                id: "61"
            forticlient_registration_compliance_action: "block"
            forticlient_registry_entry:
              - id: "64"
                registry_entry: "<your_own_value>"
            forticlient_running_app:
              - app_name: "<your_own_value>"
                app_sha256_signature: "<your_own_value>"
                app_sha256_signature2: "<your_own_value>"
                app_sha256_signature3: "<your_own_value>"
                app_sha256_signature4: "<your_own_value>"
                application_check_rule: "present"
                id: "73"
                process_name: "<your_own_value>"
                process_name2: "<your_own_value>"
                process_name3: "<your_own_value>"
                process_name4: "<your_own_value>"
            forticlient_security_posture: "enable"
            forticlient_security_posture_compliance_action: "block"
            forticlient_system_compliance: "enable"
            forticlient_system_compliance_action: "block"
            forticlient_vuln_scan: "enable"
            forticlient_vuln_scan_compliance_action: "block"
            forticlient_vuln_scan_enforce: "critical"
            forticlient_vuln_scan_enforce_grace: "15"
            forticlient_vuln_scan_exempt: "enable"
            forticlient_wf: "enable"
            forticlient_wf_profile: "<your_own_value> (source webfilter.profile.name)"
            forticlient_win_ver: "<your_own_value>"
            os_av_software_installed: "enable"
            sandbox_address: "<your_own_value>"
            sandbox_analysis: "enable"
          on_net_addr:
            - name: "default_name_94 (source firewall.address.name firewall.addrgrp.name)"
          profile_name: "<your_own_value>"
          replacemsg_override_group: "<your_own_value> (source system.replacemsg-group.name)"
          src_addr:
            - name: "default_name_98 (source firewall.address.name firewall.addrgrp.name)"
          user_groups:
            - name: "default_name_100 (source user.group.name)"
          users:
            - name: "default_name_102 (source user.local.name)"

vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices: [present, absent]
  description:
  - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
  - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
  - Member attribute path to operate on.
  - Delimited by a slash character if there is more than one attribute.
  - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
  - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices: [present, absent]
  description:
  - Add or delete a member under specified attribute path.
  - When member_state is specified, the state option is ignored.
  type: str
endpoint_control_profile:
  default: null
  description:
  - Configure FortiClient endpoint control profiles.
  suboptions:
    description:
      description:
      - Description.
      type: str
    device_groups:
      description:
      - Device groups.
      elements: dict
      suboptions:
        name:
          description:
          - Device group object from available options. Source user.device-group.name user.device-category.name.
          type: str
      type: list
    forticlient_android_settings:
      description:
      - FortiClient settings for Android platform.
      suboptions:
        disable_wf_when_protected:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient web category filtering when protected by FortiGate.
          type: str
        forticlient_advanced_vpn:
          choices: [enable, disable]
          description:
          - Enable/disable advanced FortiClient VPN configuration.
          type: str
        forticlient_advanced_vpn_buffer:
          description:
          - Advanced FortiClient VPN configuration.
          type: str
        forticlient_vpn_provisioning:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient VPN provisioning.
          type: str
        forticlient_vpn_settings:
          description:
          - FortiClient VPN settings.
          elements: dict
          suboptions:
            auth_method:
              choices: [psk, certificate]
              description:
              - Authentication method.
              type: str
            name:
              description:
              - VPN name.
              type: str
            preshared_key:
              description:
              - Pre-shared secret for PSK authentication.
              type: str
            remote_gw:
              description:
              - IP address or FQDN of the remote VPN gateway.
              type: str
            sslvpn_access_port:
              description:
              - SSL VPN access port (1 - 65535).
              type: int
            sslvpn_require_certificate:
              choices: [enable, disable]
              description:
              - Enable/disable requiring SSL VPN client certificate.
              type: str
            type:
              choices: [ipsec, ssl]
              description:
              - VPN type (IPsec or SSL VPN).
              type: str
          type: list
        forticlient_wf:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient web filtering.
          type: str
        forticlient_wf_profile:
          description:
          - The FortiClient web filter profile to apply. Source webfilter.profile.name.
          type: str
      type: dict
    forticlient_ios_settings:
      description:
      - FortiClient settings for iOS platform.
      suboptions:
        client_vpn_provisioning:
          choices: [enable, disable]
          description:
          - FortiClient VPN provisioning.
          type: str
        client_vpn_settings:
          description:
          - FortiClient VPN settings.
          elements: dict
          suboptions:
            auth_method:
              choices: [psk, certificate]
              description:
              - Authentication method.
              type: str
            name:
              description:
              - VPN name.
              type: str
            preshared_key:
              description:
              - Pre-shared secret for PSK authentication.
              type: str
            remote_gw:
              description:
              - IP address or FQDN of the remote VPN gateway.
              type: str
            sslvpn_access_port:
              description:
              - SSL VPN access port (1 - 65535).
              type: int
            sslvpn_require_certificate:
              choices: [enable, disable]
              description:
              - Enable/disable requiring SSL VPN client certificate.
              type: str
            type:
              choices: [ipsec, ssl]
              description:
              - VPN type (IPsec or SSL VPN).
              type: str
            vpn_configuration_content:
              description:
              - Content of VPN configuration.
              type: str
            vpn_configuration_name:
              description:
              - Name of VPN configuration.
              type: str
          type: list
        configuration_content:
          description:
          - Content of configuration profile.
          type: str
        configuration_name:
          description:
          - Name of configuration profile.
          type: str
        disable_wf_when_protected:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient web category filtering when protected by FortiGate.
          type: str
        distribute_configuration_profile:
          choices: [enable, disable]
          description:
          - Enable/disable configuration profile (.mobileconfig file) distribution.
          type: str
        forticlient_wf:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient web filtering.
          type: str
        forticlient_wf_profile:
          description:
          - The FortiClient web filter profile to apply. Source webfilter.profile.name.
          type: str
      type: dict
    forticlient_winmac_settings:
      description:
      - FortiClient settings for Windows/Mac platform.
      suboptions:
        av_realtime_protection:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient AntiVirus real-time protection.
          type: str
        av_signature_up_to_date:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient AV signature updates.
          type: str
        forticlient_application_firewall:
          choices: [enable, disable]
          description:
          - Enable/disable the FortiClient application firewall.
          type: str
        forticlient_application_firewall_list:
          description:
          - FortiClient application firewall rule list. Source application.list.name.
          type: str
        forticlient_av:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient AntiVirus scanning.
          type: str
        forticlient_ems_compliance:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient Enterprise Management Server (EMS) compliance.
          type: str
        forticlient_ems_compliance_action:
          choices: [block, warning]
          description:
          - FortiClient EMS compliance action.
          type: str
        forticlient_ems_entries:
          description:
          - FortiClient EMS entries.
          elements: dict
          suboptions:
            name:
              description:
              - FortiClient EMS name. Source endpoint-control.forticlient-ems.name.
              type: str
          type: list
        forticlient_linux_ver:
          description:
          - Minimum FortiClient Linux version.
          type: str
        forticlient_log_upload:
          choices: [enable, disable]
          description:
          - Enable/disable uploading FortiClient logs.
          type: str
        forticlient_log_upload_level:
          choices: [traffic, vulnerability, event]
          description:
          - Select the FortiClient logs to upload.
          type: str
        forticlient_log_upload_server:
          description:
          - IP address or FQDN of the server to which to upload FortiClient logs.
          type: str
        forticlient_mac_ver:
          description:
          - Minimum FortiClient Mac OS version.
          type: str
        forticlient_minimum_software_version:
          choices: [enable, disable]
          description:
          - Enable/disable requiring clients to run FortiClient with a minimum software version number.
          type: str
        forticlient_operating_system:
          description:
          - FortiClient operating system.
          elements: dict
          suboptions:
            id:
              description:
              - Operating system entry ID.
              type: int
            os_name:
              description:
              - Customize operating system name or Mac OS format:x.x.x
              type: str
            os_type:
              choices: [custom, mac-os, win-7, win-80, win-81, win-10, win-2000,
                win-home-svr, win-svr-10, win-svr-2003, win-svr-2003-r2,
                win-svr-2008, win-svr-2008-r2, win-svr-2012, win-svr-2012-r2,
                win-sto-svr-2003, win-vista, win-xp, ubuntu-linux, centos-linux,
                redhat-linux, fedora-linux]
              description:
              - Operating system type.
              type: str
          type: list
        forticlient_own_file:
          description:
          - Checking the path and filename of the FortiClient application.
          elements: dict
          suboptions:
            file:
              description:
              - File path and name.
              type: str
            id:
              description:
              - File ID.
              type: int
          type: list
        forticlient_registration_compliance_action:
          choices: [block, warning]
          description:
          - FortiClient registration compliance action.
          type: str
        forticlient_registry_entry:
          description:
          - FortiClient registry entry.
          elements: dict
          suboptions:
            id:
              description:
              - Registry entry ID.
              type: int
            registry_entry:
              description:
              - Registry entry.
              type: str
          type: list
        forticlient_running_app:
          description:
          - Use FortiClient to verify if the listed applications are running on the client.
          elements: dict
          suboptions:
            app_name:
              description:
              - Application name.
              type: str
            app_sha256_signature:
              description:
              - App's SHA256 signature.
              type: str
            app_sha256_signature2:
              description:
              - App's SHA256 Signature.
              type: str
            app_sha256_signature3:
              description:
              - App's SHA256 Signature.
              type: str
            app_sha256_signature4:
              description:
              - App's SHA256 Signature.
              type: str
            application_check_rule:
              choices: [present, absent]
              description:
              - Application check rule.
              type: str
            id:
              description:
              - Application ID.
              type: int
            process_name:
              description:
              - Process name.
              type: str
            process_name2:
              description:
              - Process name.
              type: str
            process_name3:
              description:
              - Process name.
              type: str
            process_name4:
              description:
              - Process name.
              type: str
          type: list
        forticlient_security_posture:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient security posture check options.
          type: str
        forticlient_security_posture_compliance_action:
          choices: [block, warning]
          description:
          - FortiClient security posture compliance action.
          type: str
        forticlient_system_compliance:
          choices: [enable, disable]
          description:
          - Enable/disable enforcement of FortiClient system compliance.
          type: str
        forticlient_system_compliance_action:
          choices: [block, warning]
          description:
          - Block or warn clients not compliant with FortiClient requirements.
          type: str
        forticlient_vuln_scan:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient vulnerability scanning.
          type: str
        forticlient_vuln_scan_compliance_action:
          choices: [block, warning]
          description:
          - FortiClient vulnerability compliance action.
          type: str
        forticlient_vuln_scan_enforce:
          choices: [critical, high, medium, low, info]
          description:
          - Configure the level of the vulnerability found that causes a FortiClient vulnerability compliance action.
          type: str
        forticlient_vuln_scan_enforce_grace:
          description:
          - FortiClient vulnerability scan enforcement grace period (0 - 30 days).
          type: int
        forticlient_vuln_scan_exempt:
          choices: [enable, disable]
          description:
          - Enable/disable compliance exemption for vulnerabilities that cannot be patched automatically.
          type: str
        forticlient_wf:
          choices: [enable, disable]
          description:
          - Enable/disable FortiClient web filtering.
          type: str
        forticlient_wf_profile:
          description:
          - The FortiClient web filter profile to apply. Source webfilter.profile.name.
          type: str
        forticlient_win_ver:
          description:
          - Minimum FortiClient Windows version.
          type: str
        os_av_software_installed:
          choices: [enable, disable]
          description:
          - Enable/disable checking for OS recognized AntiVirus software.
          type: str
        sandbox_address:
          description:
          - FortiSandbox address.
          type: str
        sandbox_analysis:
          choices: [enable, disable]
          description:
          - Enable/disable sending files to FortiSandbox for analysis.
          type: str
      type: dict
    on_net_addr:
      description:
      - Addresses for on-net detection.
      elements: dict
      suboptions:
        name:
          description:
          - Address object from available options. Source firewall.address.name firewall.addrgrp.name.
          type: str
      type: list
    profile_name:
      description:
      - Profile name.
      type: str
    replacemsg_override_group:
      description:
      - Select an endpoint control replacement message override group from available options. Source system.replacemsg-group.name.
      type: str
    src_addr:
      description:
      - Source addresses.
      elements: dict
      suboptions:
        name:
          description:
          - Address object from available options. Source firewall.address.name firewall.addrgrp.name.
          type: str
      type: list
    user_groups:
      description:
      - User groups.
      elements: dict
      suboptions:
        name:
          description:
          - User group name. Source user.group.name.
          type: str
      type: list
    users:
      description:
      - Users.
      elements: dict
      suboptions:
        name:
          description:
          - User name. Source user.local.name.
          type: str
      type: list
  type: dict

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str
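
A hardened variant of the example playbook earlier on this page, added here as an illustration and not part of the original module documentation: certificate validation stays on, the API token comes from a vaulted variable, task output is suppressed, and every compliance action is set to block. The variable vault_fortigate_access_token, the profile name, the address object "corp-lan", the gateway vpn.example.com and the chosen values are assumptions; the play header follows the page's own example and all parameter names come from the list above.

```yaml
# Added example, not from the module documentation.
# Assumed: vault_fortigate_access_token is defined in an Ansible Vault file,
# and the firewall address object "corp-lan" already exists on the FortiGate.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Enforce FortiClient compliance with blocking actions
      fortios_endpoint_control_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ vault_fortigate_access_token }}"
        endpoint_control_profile:
          profile_name: "corp-compliance"          # constructed name
          description: "Block non-compliant FortiClient endpoints"
          src_addr:
            - name: "corp-lan"                     # constructed address object
          forticlient_winmac_settings:
            forticlient_av: "enable"
            av_realtime_protection: "enable"
            av_signature_up_to_date: "enable"
            os_av_software_installed: "enable"
            forticlient_system_compliance: "enable"
            forticlient_system_compliance_action: "block"
            forticlient_security_posture: "enable"
            forticlient_security_posture_compliance_action: "block"
            forticlient_registration_compliance_action: "block"
            forticlient_vuln_scan: "enable"
            forticlient_vuln_scan_enforce: "high"
            forticlient_vuln_scan_enforce_grace: 7  # days, allowed range 0 - 30
            forticlient_vuln_scan_compliance_action: "block"
            forticlient_log_upload: "enable"
            forticlient_log_upload_level: "event"
          forticlient_android_settings:
            forticlient_vpn_provisioning: "enable"
            forticlient_vpn_settings:
              - name: "corp-sslvpn"                # constructed name
                type: "ssl"
                remote_gw: "vpn.example.com"       # constructed gateway
                sslvpn_access_port: 443
                sslvpn_require_certificate: "enable"  # client certificate, no shared PSK
      no_log: true   # keep the token and profile contents out of task output
```

If a pre-shared key has to be provisioned, reference it through a vaulted variable in the same way as access_token instead of writing it into the playbook.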