lix_fortinet.fortios.fortios_firewall_mms_profile (102.2.120) — module

Configure MMS profiles in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120


Add to requirements.yml

  # Exact version pin: ansible-galaxy installs only this release of the
  # collection, so a later upload under the same name is not pulled in silently.
  collections:
    - name: lix_fortinet.fortios
      version: 102.2.120

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the mms_profile category of the firewall feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
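- hosts: fortigates
  # NOTE(review): the install instructions on this page name the collection
  # lix_fortinet.fortios, while this play resolves modules from
  # fortinet.fortios. Confirm the namespace matches what you installed.
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    # Use HTTPS for the httpapi session to the device.
    ansible_httpapi_use_ssl: true
    # Verify the device certificate. With validation off, the access token
    # passed to the module would be sent to whichever host answers on this
    # address. For a self-signed or private-CA certificate, trust that CA on
    # the control node instead of disabling the check.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443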
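  tasks:
    # Creates or updates one MMS profile. The values below are generated
    # samples: every "<your_own_value>" must be replaced, and numeric limits
    # should be set to what the deployment actually needs.
    # If the module does not mask mmsc_password itself (this page does not
    # show whether it does), set no_log: true on the task so the argument is
    # not echoed in verbose output or callback logs.
    - name: Configure MMS profiles.
      fortios_firewall_mms_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # API token for the device. fortios_access_token is an illustrative
        # variable name: define it in an Ansible Vault-encrypted vars file or
        # fetch it from a secret store; do not paste the token into the play.
        access_token: "{{ fortios_access_token }}"
        firewall_mms_profile:
          avnotificationtable: "2147483647"
          bwordtable: "2147483647"
          carrier_endpoint_prefix: "enable"
          carrier_endpoint_prefix_range_max: "24"
          carrier_endpoint_prefix_range_min: "24"
          carrier_endpoint_prefix_string: "<your_own_value>"
          carrierendpointbwltable: "2147483647"
          comment: "Comment."
          # Duplicate-message thresholds (three levels per entry).
          dupe:
            - action1: "block"
              action2: "block"
              action3: "block"
              block_time1: "17895"
              block_time2: "17895"
              block_time3: "17895"
              limit1: "1073741823"
              limit2: "1073741823"
              limit3: "1073741823"
              protocol: "<your_own_value>"
              status1: "enable"
              status2: "enable"
              status3: "enable"
              window1: "1440"
              window2: "1440"
              window3: "1440"
          extended_utm_log: "<your_own_value>"
          # Flood thresholds (three levels per entry).
          flood:
            - action1: "block"
              action2: "block"
              action3: "block"
              block_time1: "17895"
              block_time2: "17895"
              block_time3: "17895"
              limit1: "1073741823"
              limit2: "1073741823"
              limit3: "1073741823"
              protocol: "<your_own_value>"
              status1: "enable"
              status2: "enable"
              status3: "enable"
              window1: "1440"
              window2: "1440"
              window3: "1440"
          mm1: "avmonitor"
          mm1_addr_hdr: "<your_own_value>"
          mm1_addr_source: "http-header"
          mm1_convert_hex: "enable"
          # The sample leaves Virus Outbreak Prevention "disabled" for every
          # protocol (mm1/mm3/mm4/mm7); the other documented choices are
          # "files" and "full-archive". Pick the value your policy requires.
          mm1_outbreak_prevention: "disabled"
          mm1_retr_dupe: "enable"
          mm1_retrieve_scan: "enable"
          mm1comfortamount: "2147483647"
          mm1comfortinterval: "2147483647"
          mm1oversizelimit: "409600"
          mm3: "avmonitor"
          mm3_outbreak_prevention: "disabled"
          mm3oversizelimit: "409600"
          mm4: "avmonitor"
          mm4_outbreak_prevention: "disabled"
          mm4oversizelimit: "409600"
          mm7: "avmonitor"
          mm7_addr_hdr: "<your_own_value>"
          mm7_addr_source: "http-header"
          mm7_convert_hex: "enable"
          mm7_outbreak_prevention: "disabled"
          mm7comfortamount: "2147483647"
          mm7comfortinterval: "2147483647"
          mm7oversizelimit: "409600"
          # All per-event MMS log switches are enabled in the sample.
          mms_antispam_mass_log: "enable"
          mms_av_block_log: "enable"
          mms_av_oversize_log: "enable"
          mms_av_virus_log: "enable"
          mms_carrier_endpoint_filter_log: "enable"
          mms_checksum_log: "enable"
          mms_checksum_table: "2147483647"
          mms_notification_log: "enable"
          mms_web_content_log: "enable"
          mmsbwordthreshold: "1073741823"
          name: "default_name_80"
          notif_msisdn:
            - msisdn: "<your_own_value>"
              threshold: "flood-thresh-1"
          notification:
            - alert_int: "720"
              alert_int_mode: "hours"
              alert_src_msisdn: "<your_own_value>"
              alert_status: "enable"
              bword_int: "720"
              bword_int_mode: "hours"
              bword_status: "enable"
              carrier_endpoint_bwl_int: "720"
              carrier_endpoint_bwl_int_mode: "hours"
              carrier_endpoint_bwl_status: "enable"
              days_allowed: "sunday"
              detect_server: "enable"
              dupe_int: "720"
              dupe_int_mode: "hours"
              dupe_status: "enable"
              file_block_int: "720"
              file_block_int_mode: "hours"
              file_block_status: "enable"
              flood_int: "720"
              flood_int_mode: "hours"
              flood_status: "enable"
              from_in_header: "enable"
              mms_checksum_int: "720"
              mms_checksum_int_mode: "hours"
              mms_checksum_status: "enable"
              mmsc_hostname: "myhostname"
              # MMSC credential. fortios_mmsc_password is an illustrative
              # variable name; keep the value in a vault-encrypted vars file
              # or a secret store rather than in the playbook text.
              mmsc_password: "{{ fortios_mmsc_password }}"
              mmsc_port: "32767"
              mmsc_url: "<your_own_value>"
              mmsc_username: "<your_own_value>"
              msg_protocol: "mm1"
              msg_type: "submit-req"
              protocol: "<your_own_value>"
              rate_limit: "125"
              tod_window_duration: "<your_own_value>"
              tod_window_end: "<your_own_value>"
              tod_window_start: "<your_own_value>"
              user_domain: "<your_own_value>"
              vas_id: "<your_own_value>"
              vasp_id: "<your_own_value>"
              virus_int: "720"
              virus_int_mode: "hours"
              virus_status: "enable"
          # Profile-level outbreak prevention: both the external malware
          # blocklist and the FortiGuard service are off in the sample.
          outbreak_prevention:
            external_blocklist: "disable"
            ftgd_service: "disable"
          remove_blocked_const_length: "enable"
          replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"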

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - Only parameters marked with member_path can be used for member operations.
    type: str

access_token:
    description:
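    - Token-based authentication. Generated from the FortiGate GUI.
    - The token is a credential; keep it in Ansible Vault or another secret store
      rather than in the playbook text.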
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

firewall_mms_profile:
    default: null
    description:
    - Configure MMS profiles.
    suboptions:
      avnotificationtable:
        description:
        - AntiVirus notification table ID. Source antivirus.notification.id.
        type: int
      bwordtable:
        description:
        - MMS banned word table ID. Source webfilter.content.id.
        type: int
      carrier_endpoint_prefix:
        choices:
        - enable
        - disable
        description:
        - Enable/disable prefixing of end point values.
        type: str
      carrier_endpoint_prefix_range_max:
        description:
        - Maximum length of end point value that can be prefixed (1 - 48).
        type: int
      carrier_endpoint_prefix_range_min:
        description:
        - Minimum end point length to be prefixed (1 - 48).
        type: int
      carrier_endpoint_prefix_string:
        description:
        - String with which to prefix End point values.
        type: str
      carrierendpointbwltable:
        description:
        - Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id.
        type: int
      comment:
        description:
        - Comment.
        type: str
      dupe:
        description:
        - Duplicate configuration.
        elements: dict
        suboptions:
          action1:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          action2:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          action3:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          block_time1:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          block_time2:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          block_time3:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          limit1:
            description:
            - Maximum number of messages allowed.
            type: int
          limit2:
            description:
            - Maximum number of messages allowed.
            type: int
          limit3:
            description:
            - Maximum number of messages allowed.
            type: int
          protocol:
            description:
            - Protocol.
            type: str
          status1:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status1 detection.
            type: str
          status2:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status2 detection.
            type: str
          status3:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status3 detection.
            type: str
          window1:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
          window2:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
          window3:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
        type: list
      extended_utm_log:
        description:
        - Enable/disable detailed UTM log messages.
        type: str
      flood:
        description:
        - Flood configuration.
        elements: dict
        suboptions:
          action1:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          action2:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          action3:
            choices:
            - block
            - archive
            - log
            - archive-first
            - alert-notif
            description:
            - Action to take when threshold reached.
            elements: str
            type: list
          block_time1:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          block_time2:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          block_time3:
            description:
            - Duration for which action takes effect (0 - 35791 min).
            type: int
          limit1:
            description:
            - Maximum number of messages allowed.
            type: int
          limit2:
            description:
            - Maximum number of messages allowed.
            type: int
          limit3:
            description:
            - Maximum number of messages allowed.
            type: int
          protocol:
            description:
            - Protocol.
            type: str
          status1:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status1 detection.
            type: str
          status2:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status2 detection.
            type: str
          status3:
            choices:
            - enable
            - disable
            description:
            - Enable/disable status3 detection.
            type: str
          window1:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
          window2:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
          window3:
            description:
            - Window to count messages over (1 - 2880 min).
            type: int
        type: list
      mm1:
        choices:
        - avmonitor
        - oversize
        - quarantine
        - scan
        - bannedword
        - chunkedbypass
        - clientcomfort
        - servercomfort
        - carrier-endpoint-bwl
        - remove-blocked
        - mms-checksum
        description:
        - MM1 options.
        elements: str
        type: list
      mm1_addr_hdr:
        description:
        - HTTP header field (for MM1) containing user address.
        type: str
      mm1_addr_source:
        choices:
        - http-header
        - cookie
        description:
        - Source for MM1 user address.
        type: str
      mm1_convert_hex:
        choices:
        - enable
        - disable
        description:
        - Enable/disable converting user address from HEX string for MM1.
        type: str
      mm1_outbreak_prevention:
        choices:
        - disabled
        - files
        - full-archive
        description:
        - Enable Virus Outbreak Prevention service.
        type: str
      mm1_retr_dupe:
        choices:
        - enable
        - disable
        description:
        - Enable/disable duplicate scanning of MM1 retr.
        type: str
      mm1_retrieve_scan:
        choices:
        - enable
        - disable
        description:
        - Enable/disable scanning on MM1 retrieve configuration messages.
        type: str
      mm1comfortamount:
        description:
        - MM1 comfort amount (0 - 4294967295).
        type: int
      mm1comfortinterval:
        description:
        - MM1 comfort interval (0 - 4294967295).
        type: int
      mm1oversizelimit:
        description:
        - Maximum file size to scan (1 - 819200 kB).
        type: int
      mm3:
        choices:
        - avmonitor
        - oversize
        - quarantine
        - scan
        - bannedword
        - fragmail
        - splice
        - carrier-endpoint-bwl
        - remove-blocked
        - mms-checksum
        description:
        - MM3 options.
        elements: str
        type: list
      mm3_outbreak_prevention:
        choices:
        - disabled
        - files
        - full-archive
        description:
        - Enable Virus Outbreak Prevention service.
        type: str
      mm3oversizelimit:
        description:
        - Maximum file size to scan (1 - 819200 kB).
        type: int
      mm4:
        choices:
        - avmonitor
        - oversize
        - quarantine
        - scan
        - bannedword
        - fragmail
        - splice
        - carrier-endpoint-bwl
        - remove-blocked
        - mms-checksum
        description:
        - MM4 options.
        elements: str
        type: list
      mm4_outbreak_prevention:
        choices:
        - disabled
        - files
        - full-archive
        description:
        - Enable Virus Outbreak Prevention service.
        type: str
      mm4oversizelimit:
        description:
        - Maximum file size to scan (1 - 819200 kB).
        type: int
      mm7:
        choices:
        - avmonitor
        - oversize
        - quarantine
        - scan
        - bannedword
        - chunkedbypass
        - clientcomfort
        - servercomfort
        - carrier-endpoint-bwl
        - remove-blocked
        - mms-checksum
        description:
        - MM7 options.
        elements: str
        type: list
      mm7_addr_hdr:
        description:
        - HTTP header field (for MM7) containing user address.
        type: str
      mm7_addr_source:
        choices:
        - http-header
        - cookie
        description:
        - Source for MM7 user address.
        type: str
      mm7_convert_hex:
        choices:
        - enable
        - disable
        description:
        - Enable/disable conversion of user address from HEX string for MM7.
        type: str
      mm7_outbreak_prevention:
        choices:
        - disabled
        - files
        - full-archive
        description:
        - Enable Virus Outbreak Prevention service.
        type: str
      mm7comfortamount:
        description:
        - MM7 comfort amount (0 - 4294967295).
        type: int
      mm7comfortinterval:
        description:
        - MM7 comfort interval (0 - 4294967295).
        type: int
      mm7oversizelimit:
        description:
        - Maximum file size to scan (1 - 819200 kB).
        type: int
      mms_antispam_mass_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS antispam mass.
        type: str
      mms_av_block_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS antivirus file blocking.
        type: str
      mms_av_oversize_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS antivirus oversize file blocking.
        type: str
      mms_av_virus_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS antivirus scanning.
        type: str
      mms_carrier_endpoint_filter_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS end point filter blocking.
        type: str
      mms_checksum_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MMS content checksum logging.
        type: str
      mms_checksum_table:
        description:
        - MMS content checksum table ID. Source antivirus.mms-checksum.id.
        type: int
      mms_notification_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS notification messages.
        type: str
      mms_web_content_log:
        choices:
        - enable
        - disable
        description:
        - Enable/disable logging for MMS web content blocking.
        type: str
      mmsbwordthreshold:
        description:
        - MMS banned word threshold.
        type: int
      name:
        description:
        - Profile name.
        required: true
        type: str
      notif_msisdn:
        description:
        - Notification for MSISDNs.
        elements: dict
        suboptions:
          msisdn:
            description:
            - Recipient MSISDN.
            type: str
          threshold:
            choices:
            - flood-thresh-1
            - flood-thresh-2
            - flood-thresh-3
            - dupe-thresh-1
            - dupe-thresh-2
            - dupe-thresh-3
            description:
            - Thresholds on which this MSISDN will receive an alert.
            elements: str
            type: list
        type: list
      notification:
        description:
        - Notification configuration.
        elements: dict
        suboptions:
          alert_int:
            description:
            - Alert notification send interval.
            type: int
          alert_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Alert notification interval mode.
            type: str
          alert_src_msisdn:
            description:
            - Specify from address for alert messages.
            type: str
          alert_status:
            choices:
            - enable
            - disable
            description:
            - Alert notification status.
            type: str
          bword_int:
            description:
            - Banned word notification send interval.
            type: int
          bword_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Banned word notification interval mode.
            type: str
          bword_status:
            choices:
            - enable
            - disable
            description:
            - Banned word notification status.
            type: str
          carrier_endpoint_bwl_int:
            description:
            - Carrier end point black/white list notification send interval.
            type: int
          carrier_endpoint_bwl_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Carrier end point black/white list notification interval mode.
            type: str
          carrier_endpoint_bwl_status:
            choices:
            - enable
            - disable
            description:
            - Carrier end point black/white list notification status.
            type: str
          days_allowed:
            choices:
            - sunday
            - monday
            - tuesday
            - wednesday
            - thursday
            - friday
            - saturday
            description:
            - Weekdays on which notification messages may be sent.
            elements: str
            type: list
          detect_server:
            choices:
            - enable
            - disable
            description:
            - Enable/disable automatic server address determination.
            type: str
          dupe_int:
            description:
            - Duplicate notification send interval.
            type: int
          dupe_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Duplicate notification interval mode.
            type: str
          dupe_status:
            choices:
            - enable
            - disable
            description:
            - Duplicate notification status.
            type: str
          file_block_int:
            description:
            - File block notification send interval.
            type: int
          file_block_int_mode:
            choices:
            - hours
            - minutes
            description:
            - File block notification interval mode.
            type: str
          file_block_status:
            choices:
            - enable
            - disable
            description:
            - File block notification status.
            type: str
          flood_int:
            description:
            - Flood notification send interval.
            type: int
          flood_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Flood notification interval mode.
            type: str
          flood_status:
            choices:
            - enable
            - disable
            description:
            - Flood notification status.
            type: str
          from_in_header:
            choices:
            - enable
            - disable
            description:
            - Enable/disable insertion of from address in HTTP header.
            type: str
          mms_checksum_int:
            description:
            - MMS checksum notification send interval.
            type: int
          mms_checksum_int_mode:
            choices:
            - hours
            - minutes
            description:
            - MMS checksum notification interval mode.
            type: str
          mms_checksum_status:
            choices:
            - enable
            - disable
            description:
            - MMS checksum notification status.
            type: str
          mmsc_hostname:
            description:
            - Host name or IP address of the MMSC.
            type: str
          mmsc_password:
            description:
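            - Password required for authentication with the MMSC.
            - Supply it from Ansible Vault or another secret store; this page does not
              show whether the module masks the value in task output.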
            type: str
          mmsc_port:
            description:
            - Port used on the MMSC for sending MMS messages (1 - 65535).
            type: int
          mmsc_url:
            description:
            - URL used on the MMSC for sending MMS messages.
            type: str
          mmsc_username:
            description:
            - User name required for authentication with the MMSC.
            type: str
          msg_protocol:
            choices:
            - mm1
            - mm3
            - mm4
            - mm7
            description:
            - Protocol to use for sending notification messages.
            type: str
          msg_type:
            choices:
            - submit-req
            - deliver-req
            description:
            - MM7 message type.
            type: str
          protocol:
            description:
            - Protocol.
            type: str
          rate_limit:
            description:
            - Rate limit for sending notification messages (0 - 250).
            type: int
          tod_window_duration:
            description:
            - Time of day window duration.
            type: str
          tod_window_end:
            description:
            - Obsolete.
            type: str
          tod_window_start:
            description:
            - Time of day window start.
            type: str
          user_domain:
            description:
            - Domain name to which the user addresses belong.
            type: str
          vas_id:
            description:
            - VAS identifier.
            type: str
          vasp_id:
            description:
            - VASP identifier.
            type: str
          virus_int:
            description:
            - Virus notification send interval.
            type: int
          virus_int_mode:
            choices:
            - hours
            - minutes
            description:
            - Virus notification interval mode.
            type: str
          virus_status:
            choices:
            - enable
            - disable
            description:
            - Virus notification status.
            type: str
        type: list
      outbreak_prevention:
        description:
        - Configure Virus Outbreak Prevention settings.
        suboptions:
          external_blocklist:
            choices:
            - disable
            - enable
            description:
            - Enable/disable external malware blocklist.
            type: str
          ftgd_service:
            choices:
            - disable
            - enable
            description:
            - Enable/disable FortiGuard Virus outbreak prevention service.
            type: str
        type: dict
      remove_blocked_const_length:
        choices:
        - enable
        - disable
        description:
        - Enable/disable MMS replacement of blocked file constant length.
        type: str
      replacemsg_group:
        description:
        - Replacement message group. Source system.replacemsg-group.name.
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str