lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_firewall_mms_profile Configure MMS profiles in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_firewall_mms_profile (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and mms_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure MMS profiles. fortios_firewall_mms_profile: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" firewall_mms_profile: avnotificationtable: "2147483647" bwordtable: "2147483647" carrier_endpoint_prefix: "enable" carrier_endpoint_prefix_range_max: "24" carrier_endpoint_prefix_range_min: "24" carrier_endpoint_prefix_string: "<your_own_value>" carrierendpointbwltable: "2147483647" comment: "Comment." dupe: - action1: "block" action2: "block" action3: "block" block_time1: "17895" block_time2: "17895" block_time3: "17895" limit1: "1073741823" limit2: "1073741823" limit3: "1073741823" protocol: "<your_own_value>" status1: "enable" status2: "enable" status3: "enable" window1: "1440" window2: "1440" window3: "1440" extended_utm_log: "<your_own_value>" flood: - action1: "block" action2: "block" action3: "block" block_time1: "17895" block_time2: "17895" block_time3: "17895" limit1: "1073741823" limit2: "1073741823" limit3: "1073741823" protocol: "<your_own_value>" status1: "enable" status2: "enable" status3: "enable" window1: "1440" window2: "1440" window3: "1440" mm1: "avmonitor" mm1_addr_hdr: "<your_own_value>" mm1_addr_source: "http-header" mm1_convert_hex: "enable" mm1_outbreak_prevention: "disabled" mm1_retr_dupe: "enable" mm1_retrieve_scan: "enable" mm1comfortamount: "2147483647" mm1comfortinterval: "2147483647" mm1oversizelimit: "409600" mm3: "avmonitor" mm3_outbreak_prevention: "disabled" mm3oversizelimit: "409600" mm4: "avmonitor" mm4_outbreak_prevention: "disabled" mm4oversizelimit: "409600" mm7: "avmonitor" mm7_addr_hdr: "<your_own_value>" mm7_addr_source: "http-header" mm7_convert_hex: "enable" mm7_outbreak_prevention: "disabled" mm7comfortamount: "2147483647" mm7comfortinterval: "2147483647" mm7oversizelimit: "409600" mms_antispam_mass_log: "enable" mms_av_block_log: "enable" mms_av_oversize_log: "enable" mms_av_virus_log: "enable" mms_carrier_endpoint_filter_log: "enable" mms_checksum_log: "enable" mms_checksum_table: "2147483647" mms_notification_log: "enable" mms_web_content_log: "enable" mmsbwordthreshold: "1073741823" name: "default_name_80" notif_msisdn: - msisdn: "<your_own_value>" threshold: "flood-thresh-1" notification: - alert_int: "720" alert_int_mode: "hours" alert_src_msisdn: "<your_own_value>" alert_status: "enable" bword_int: "720" bword_int_mode: "hours" bword_status: "enable" carrier_endpoint_bwl_int: "720" carrier_endpoint_bwl_int_mode: "hours" carrier_endpoint_bwl_status: "enable" days_allowed: "sunday" detect_server: "enable" dupe_int: "720" dupe_int_mode: "hours" dupe_status: "enable" file_block_int: "720" file_block_int_mode: "hours" file_block_status: "enable" flood_int: "720" flood_int_mode: "hours" flood_status: "enable" from_in_header: "enable" mms_checksum_int: "720" mms_checksum_int_mode: "hours" mms_checksum_status: "enable" mmsc_hostname: "myhostname" mmsc_password: "<your_own_value>" mmsc_port: "32767" mmsc_url: "<your_own_value>" mmsc_username: "<your_own_value>" msg_protocol: "mm1" msg_type: "submit-req" protocol: "<your_own_value>" rate_limit: "125" tod_window_duration: "<your_own_value>" tod_window_end: "<your_own_value>" tod_window_start: "<your_own_value>" user_domain: "<your_own_value>" vas_id: "<your_own_value>" vasp_id: "<your_own_value>" virus_int: "720" virus_int_mode: "hours" virus_status: "enable" outbreak_prevention: external_blocklist: "disable" ftgd_service: "disable" remove_blocked_const_length: "enable" replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str firewall_mms_profile: default: null description: - Configure MMS profiles. suboptions: avnotificationtable: description: - AntiVirus notification table ID. Source antivirus.notification.id. type: int bwordtable: description: - MMS banned word table ID. Source webfilter.content.id. type: int carrier_endpoint_prefix: choices: - enable - disable description: - Enable/disable prefixing of end point values. type: str carrier_endpoint_prefix_range_max: description: - Maximum length of end point value that can be prefixed (1 - 48). type: int carrier_endpoint_prefix_range_min: description: - Minimum end point length to be prefixed (1 - 48). type: int carrier_endpoint_prefix_string: description: - String with which to prefix End point values. type: str carrierendpointbwltable: description: - Carrier end point filter table ID. Source firewall.carrier-endpoint-bwl.id. type: int comment: description: - Comment. type: str dupe: description: - Duplicate configuration. elements: dict suboptions: action1: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list action2: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list action3: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list block_time1: description: - Duration for which action takes effect (0 - 35791 min). type: int block_time2: description: - Duration for which action takes effect (0 - 35791 min). type: int block_time3: description: - Duration action takes effect (0 - 35791 min). type: int limit1: description: - Maximum number of messages allowed. type: int limit2: description: - Maximum number of messages allowed. type: int limit3: description: - Maximum number of messages allowed. type: int protocol: description: - Protocol. type: str status1: choices: - enable - disable description: - Enable/disable status1 detection. type: str status2: choices: - enable - disable description: - Enable/disable status2 detection. type: str status3: choices: - enable - disable description: - Enable/disable status3 detection. type: str window1: description: - Window to count messages over (1 - 2880 min). type: int window2: description: - Window to count messages over (1 - 2880 min). type: int window3: description: - Window to count messages over (1 - 2880 min). type: int type: list extended_utm_log: description: - Enable/disable detailed UTM log messages. type: str flood: description: - Flood configuration. elements: dict suboptions: action1: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list action2: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list action3: choices: - block - archive - log - archive-first - alert-notif description: - Action to take when threshold reached. elements: str type: list block_time1: description: - Duration for which action takes effect (0 - 35791 min). type: int block_time2: description: - Duration for which action takes effect (0 - 35791 min). type: int block_time3: description: - Duration action takes effect (0 - 35791 min). type: int limit1: description: - Maximum number of messages allowed. type: int limit2: description: - Maximum number of messages allowed. type: int limit3: description: - Maximum number of messages allowed. type: int protocol: description: - Protocol. type: str status1: choices: - enable - disable description: - Enable/disable status1 detection. type: str status2: choices: - enable - disable description: - Enable/disable status2 detection. type: str status3: choices: - enable - disable description: - Enable/disable status3 detection. type: str window1: description: - Window to count messages over (1 - 2880 min). type: int window2: description: - Window to count messages over (1 - 2880 min). type: int window3: description: - Window to count messages over (1 - 2880 min). type: int type: list mm1: choices: - avmonitor - oversize - quarantine - scan - bannedword - chunkedbypass - clientcomfort - servercomfort - carrier-endpoint-bwl - remove-blocked - mms-checksum description: - MM1 options. elements: str type: list mm1_addr_hdr: description: - HTTP header field (for MM1) containing user address. type: str mm1_addr_source: choices: - http-header - cookie description: - Source for MM1 user address. type: str mm1_convert_hex: choices: - enable - disable description: - Enable/disable converting user address from HEX string for MM1. type: str mm1_outbreak_prevention: choices: - disabled - files - full-archive description: - Enable Virus Outbreak Prevention service. type: str mm1_retr_dupe: choices: - enable - disable description: - Enable/disable duplicate scanning of MM1 retr. type: str mm1_retrieve_scan: choices: - enable - disable description: - Enable/disable scanning on MM1 retrieve configuration messages. type: str mm1comfortamount: description: - MM1 comfort amount (0 - 4294967295). type: int mm1comfortinterval: description: - MM1 comfort interval (0 - 4294967295). type: int mm1oversizelimit: description: - Maximum file size to scan (1 - 819200 kB). type: int mm3: choices: - avmonitor - oversize - quarantine - scan - bannedword - fragmail - splice - carrier-endpoint-bwl - remove-blocked - mms-checksum description: - MM3 options. elements: str type: list mm3_outbreak_prevention: choices: - disabled - files - full-archive description: - Enable Virus Outbreak Prevention service. type: str mm3oversizelimit: description: - Maximum file size to scan (1 - 819200 kB). type: int mm4: choices: - avmonitor - oversize - quarantine - scan - bannedword - fragmail - splice - carrier-endpoint-bwl - remove-blocked - mms-checksum description: - MM4 options. elements: str type: list mm4_outbreak_prevention: choices: - disabled - files - full-archive description: - Enable Virus Outbreak Prevention service. type: str mm4oversizelimit: description: - Maximum file size to scan (1 - 819200 kB). type: int mm7: choices: - avmonitor - oversize - quarantine - scan - bannedword - chunkedbypass - clientcomfort - servercomfort - carrier-endpoint-bwl - remove-blocked - mms-checksum description: - MM7 options. elements: str type: list mm7_addr_hdr: description: - HTTP header field (for MM7) containing user address. type: str mm7_addr_source: choices: - http-header - cookie description: - Source for MM7 user address. type: str mm7_convert_hex: choices: - enable - disable description: - Enable/disable conversion of user address from HEX string for MM7. type: str mm7_outbreak_prevention: choices: - disabled - files - full-archive description: - Enable Virus Outbreak Prevention service. type: str mm7comfortamount: description: - MM7 comfort amount (0 - 4294967295). type: int mm7comfortinterval: description: - MM7 comfort interval (0 - 4294967295). type: int mm7oversizelimit: description: - Maximum file size to scan (1 - 819200 kB). type: int mms_antispam_mass_log: choices: - enable - disable description: - Enable/disable logging for MMS antispam mass. type: str mms_av_block_log: choices: - enable - disable description: - Enable/disable logging for MMS antivirus file blocking. type: str mms_av_oversize_log: choices: - enable - disable description: - Enable/disable logging for MMS antivirus oversize file blocking. type: str mms_av_virus_log: choices: - enable - disable description: - Enable/disable logging for MMS antivirus scanning. type: str mms_carrier_endpoint_filter_log: choices: - enable - disable description: - Enable/disable logging for MMS end point filter blocking. type: str mms_checksum_log: choices: - enable - disable description: - Enable/disable MMS content checksum logging. type: str mms_checksum_table: description: - MMS content checksum table ID. Source antivirus.mms-checksum.id. type: int mms_notification_log: choices: - enable - disable description: - Enable/disable logging for MMS notification messages. type: str mms_web_content_log: choices: - enable - disable description: - Enable/disable logging for MMS web content blocking. type: str mmsbwordthreshold: description: - MMS banned word threshold. type: int name: description: - Profile name. required: true type: str notif_msisdn: description: - Notification for MSISDNs. elements: dict suboptions: msisdn: description: - Recipient MSISDN. type: str threshold: choices: - flood-thresh-1 - flood-thresh-2 - flood-thresh-3 - dupe-thresh-1 - dupe-thresh-2 - dupe-thresh-3 description: - Thresholds on which this MSISDN will receive an alert. elements: str type: list type: list notification: description: - Notification configuration. elements: dict suboptions: alert_int: description: - Alert notification send interval. type: int alert_int_mode: choices: - hours - minutes description: - Alert notification interval mode. type: str alert_src_msisdn: description: - Specify from address for alert messages. type: str alert_status: choices: - enable - disable description: - Alert notification status. type: str bword_int: description: - Banned word notification send interval. type: int bword_int_mode: choices: - hours - minutes description: - Banned word notification interval mode. type: str bword_status: choices: - enable - disable description: - Banned word notification status. type: str carrier_endpoint_bwl_int: description: - Carrier end point black/white list notification send interval. type: int carrier_endpoint_bwl_int_mode: choices: - hours - minutes description: - Carrier end point black/white list notification interval mode. type: str carrier_endpoint_bwl_status: choices: - enable - disable description: - Carrier end point black/white list notification status. type: str days_allowed: choices: - sunday - monday - tuesday - wednesday - thursday - friday - saturday description: - Weekdays on which notification messages may be sent. elements: str type: list detect_server: choices: - enable - disable description: - Enable/disable automatic server address determination. type: str dupe_int: description: - Duplicate notification send interval. type: int dupe_int_mode: choices: - hours - minutes description: - Duplicate notification interval mode. type: str dupe_status: choices: - enable - disable description: - Duplicate notification status. type: str file_block_int: description: - File block notification send interval. type: int file_block_int_mode: choices: - hours - minutes description: - File block notification interval mode. type: str file_block_status: choices: - enable - disable description: - File block notification status. type: str flood_int: description: - Flood notification send interval. type: int flood_int_mode: choices: - hours - minutes description: - Flood notification interval mode. type: str flood_status: choices: - enable - disable description: - Flood notification status. type: str from_in_header: choices: - enable - disable description: - Enable/disable insertion of from address in HTTP header. type: str mms_checksum_int: description: - MMS checksum notification send interval. type: int mms_checksum_int_mode: choices: - hours - minutes description: - MMS checksum notification interval mode. type: str mms_checksum_status: choices: - enable - disable description: - MMS checksum notification status. type: str mmsc_hostname: description: - Host name or IP address of the MMSC. type: str mmsc_password: description: - Password required for authentication with the MMSC. type: str mmsc_port: description: - Port used on the MMSC for sending MMS messages (1 - 65535). type: int mmsc_url: description: - URL used on the MMSC for sending MMS messages. type: str mmsc_username: description: - User name required for authentication with the MMSC. type: str msg_protocol: choices: - mm1 - mm3 - mm4 - mm7 description: - Protocol to use for sending notification messages. type: str msg_type: choices: - submit-req - deliver-req description: - MM7 message type. type: str protocol: description: - Protocol. type: str rate_limit: description: - Rate limit for sending notification messages (0 - 250). type: int tod_window_duration: description: - Time of day window duration. type: str tod_window_end: description: - Obsolete. type: str tod_window_start: description: - Time of day window start. type: str user_domain: description: - Domain name to which the user addresses belong. type: str vas_id: description: - VAS identifier. type: str vasp_id: description: - VASP identifier. type: str virus_int: description: - Virus notification send interval. type: int virus_int_mode: choices: - hours - minutes description: - Virus notification interval mode. type: str virus_status: choices: - enable - disable description: - Virus notification status. type: str type: list outbreak_prevention: description: - Configure Virus Outbreak Prevention settings. suboptions: external_blocklist: choices: - disable - enable description: - Enable/disable external malware blocklist. type: str ftgd_service: choices: - disable - enable description: - Enable/disable FortiGuard Virus outbreak prevention service. type: str type: dict remove_blocked_const_length: choices: - enable - disable description: - Enable/disable MMS replacement of blocked file constant length. type: str replacemsg_group: description: - Replacement message group. Source system.replacemsg-group.name. type: str type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str