lix_fortinet.fortios.fortios_firewall_sniffer (102.2.120) module
Configure sniffer in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

collections:
  - name: lix_fortinet.fortios
    version: 102.2.120

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the firewall feature and sniffer category. The examples include all parameters, and their values need to be adjusted to your datasources before usage. Tested with FOS v6.0.0.

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # "no" turns off TLS certificate verification for the API connection
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure sniffer.
      fortios_firewall_sniffer:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        firewall_sniffer:
          anomaly:
            - action: "pass"
              log: "enable"
              name: "default_name_6"
              quarantine: "none"
              quarantine_expiry: "<your_own_value>"
              quarantine_log: "disable"
              status: "disable"
              threshold: "0"
              threshold_default: "0"
          application_list: "<your_own_value> (source application.list.name)"
          application_list_status: "enable"
          av_profile: "<your_own_value> (source antivirus.profile.name)"
          av_profile_status: "enable"
          dlp_profile: "<your_own_value> (source dlp.profile.name)"
          dlp_profile_status: "enable"
          dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
          dlp_sensor_status: "enable"
          dsri: "enable"
          emailfilter_profile: "<your_own_value> (source emailfilter.profile.name)"
          emailfilter_profile_status: "enable"
          file_filter_profile: "<your_own_value> (source file-filter.profile.name)"
          file_filter_profile_status: "enable"
          host: "myhostname"
          id: "27"
          interface: "<your_own_value> (source system.interface.name)"
          ip_threatfeed:
            - name: "default_name_30 (source system.external-resource.name)"
          ip_threatfeed_status: "enable"
          ips_dos_status: "enable"
          ips_sensor: "<your_own_value> (source ips.sensor.name)"
          ips_sensor_status: "enable"
          ipv6: "enable"
          logtraffic: "all"
          max_packet_count: "4000"
          non_ip: "enable"
          port: "<your_own_value>"
          protocol: "<your_own_value>"
          scan_botnet_connections: "disable"
          spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
          spamfilter_profile_status: "enable"
          status: "enable"
          vlan: "<your_own_value>"
          webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
          webfilter_profile_status: "enable"

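A narrower variant of the sample playbook, added here as an illustration and not taken from the collection's documentation: it sets only the options needed for a one-arm sniffer inspected by an IPS sensor, keeps TLS certificate validation on, and reads the token from a vaulted variable. The interface `port2`, the sensor name `default`, the `10.0.10.0/24` subnet, sniffer ID 10 and the variables `vault_fortios_token` and `sniffer_cleanup` are assumptions.

```yaml
# Added example, not part of the collection's documentation.
# Assumed names: vault_fortios_token, sniffer_cleanup, port2, IPS sensor "default".
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Sniff TCP/443 to the server subnet and inspect it with IPS
      fortios_firewall_sniffer:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ vault_fortios_token }}"   # supplied from Ansible Vault
        firewall_sniffer:
          id: 10
          status: "enable"
          interface: "port2"            # assumed mirror/SPAN port
          host: "10.0.10.0/24"          # constructed sample subnet
          protocol: "6"                 # IANA protocol number for TCP
          port: "443"
          ipv6: "disable"
          non_ip: "disable"
          max_packet_count: 4000
          logtraffic: "utm"             # log only sessions with a security profile applied
          ips_sensor: "default"
          ips_sensor_status: "enable"
      no_log: true                      # keep task arguments out of Ansible output
      when: not (sniffer_cleanup | default(false))

    - name: Remove the sniffer once the capture window is over
      fortios_firewall_sniffer:
        vdom: "{{ vdom }}"
        state: "absent"
        access_token: "{{ vault_fortios_token }}"
        firewall_sniffer:
          id: 10                        # the sniffer is identified by its ID
      no_log: true
      when: sniffer_cleanup | default(false)
```
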
vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
    - present
    - absent
  description:
    - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
firewall_sniffer:
  default: null
  description:
    - Configure sniffer.
  suboptions:
    anomaly:
      description:
        - Configuration method to edit Denial of Service (DoS) anomaly settings.
      elements: dict
      suboptions:
        action:
          choices:
            - pass
            - block
            - proxy
          description:
            - Action taken when the threshold is reached.
          type: str
        log:
          choices:
            - enable
            - disable
          description:
            - Enable/disable anomaly logging.
          type: str
        name:
          description:
            - Anomaly name.
          type: str
        quarantine:
          choices:
            - none
            - attacker
          description:
            - Quarantine method.
          type: str
        quarantine_expiry:
          description:
            - Duration of quarantine. (Format
          type: str
        quarantine_log:
          choices:
            - disable
            - enable
          description:
            - Enable/disable quarantine logging.
          type: str
        status:
          choices:
            - disable
            - enable
          description:
            - Enable/disable this anomaly.
          type: str
        threshold:
          description:
            - Anomaly threshold. Number of detected instances (packets per second or concurrent session number) that triggers the anomaly action.
          type: int
        threshold_default:
          description:
            - Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it.
          type: int
      type: list
    application_list:
      description:
        - Name of an existing application list. Source application.list.name.
      type: str
    application_list_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable application control profile.
      type: str
    av_profile:
      description:
        - Name of an existing antivirus profile. Source antivirus.profile.name.
      type: str
    av_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable antivirus profile.
      type: str
    dlp_profile:
      description:
        - Name of an existing DLP profile. Source dlp.profile.name.
      type: str
    dlp_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable DLP profile.
      type: str
    dlp_sensor:
      description:
        - Name of an existing DLP sensor. Source dlp.sensor.name.
      type: str
    dlp_sensor_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable DLP sensor.
      type: str
    dsri:
      choices:
        - enable
        - disable
      description:
        - Enable/disable DSRI.
      type: str
    emailfilter_profile:
      description:
        - Name of an existing email filter profile. Source emailfilter.profile.name.
      type: str
    emailfilter_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable emailfilter.
      type: str
    file_filter_profile:
      description:
        - Name of an existing file-filter profile. Source file-filter.profile.name.
      type: str
    file_filter_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable file filter.
      type: str
    host:
      description:
        - 'Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240).'
      type: str
    id:
      description:
        - Sniffer ID (0 - 9999).
      required: true
      type: int
    interface:
      description:
        - Interface name that traffic sniffing will take place on. Source system.interface.name.
      type: str
    ip_threatfeed:
      description:
        - Name of an existing IP threat feed.
      elements: dict
      suboptions:
        name:
          description:
            - Threat feed name. Source system.external-resource.name.
          type: str
      type: list
    ip_threatfeed_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable IP threat feed.
      type: str
    ips_dos_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable IPS DoS anomaly detection.
      type: str
    ips_sensor:
      description:
        - Name of an existing IPS sensor. Source ips.sensor.name.
      type: str
    ips_sensor_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable IPS sensor.
      type: str
    ipv6:
      choices:
        - enable
        - disable
      description:
        - Enable/disable sniffing IPv6 packets.
      type: str
    logtraffic:
      choices:
        - all
        - utm
        - disable
      description:
        - Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
      type: str
    max_packet_count:
      description:
        - Maximum packet count (1 - 1000000).
      type: int
    non_ip:
      choices:
        - enable
        - disable
      description:
        - Enable/disable sniffing non-IP packets.
      type: str
    port:
      description:
        - 'Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200).'
      type: str
    protocol:
      description:
        - Integer value for the protocol type as defined by IANA (0 - 255).
      type: str
    scan_botnet_connections:
      choices:
        - disable
        - block
        - monitor
      description:
        - Enable/disable scanning of connections to Botnet servers.
      type: str
    spamfilter_profile:
      description:
        - Name of an existing spam filter profile. Source spamfilter.profile.name.
      type: str
    spamfilter_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable spam filter.
      type: str
    status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable the active status of the sniffer.
      type: str
    vlan:
      description:
        - List of VLANs to sniff.
      type: str
    webfilter_profile:
      description:
        - Name of an existing web filter profile. Source webfilter.profile.name.
      type: str
    webfilter_profile_status:
      choices:
        - enable
        - disable
      description:
        - Enable/disable web filter profile.
      type: str
  type: dict

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str