lix_fortinet.fortios.fortios_ips_sensor module (collection version 102.2.120)
Configure IPS sensor in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios. Preview; supported by community.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

Installation

Install with:
  ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

Or add it to a requirements.yml file:
  collections:
    - name: lix_fortinet.fortios
      version: 102.2.120

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the ips feature and sensor category. The examples include all parameters; their values need to be adjusted to your data sources before usage. Tested with FOS v6.0.0.
Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPS sensor.
      fortios_ips_sensor:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        ips_sensor:
          block_malicious_url: "disable"
          comment: "Comment."
          entries:
            - action: "pass"
              application: "<your_own_value>"
              cve:
                - cve_entry: "<your_own_value>"
              default_action: "all"
              default_status: "all"
              exempt_ip:
                - dst_ip: "<your_own_value>"
                  id: "14"
                  src_ip: "<your_own_value>"
              id: "16"
              last_modified: "<your_own_value>"
              location: "<your_own_value>"
              log: "disable"
              log_attack_context: "disable"
              log_packet: "disable"
              os: "<your_own_value>"
              protocol: "<your_own_value>"
              quarantine: "none"
              quarantine_expiry: "<your_own_value>"
              quarantine_log: "disable"
              rate_count: "0"
              rate_duration: "60"
              rate_mode: "periodical"
              rate_track: "none"
              rule:
                - id: "32"
              severity: "<your_own_value>"
              status: "disable"
              vuln_type:
                - id: "36"
          extended_log: "enable"
          filter:
            - action: "pass"
              application: "<your_own_value>"
              location: "<your_own_value>"
              log: "disable"
              log_packet: "disable"
              name: "default_name_44"
              os: "<your_own_value>"
              protocol: "<your_own_value>"
              quarantine: "none"
              quarantine_expiry: "1073741823"
              quarantine_log: "disable"
              severity: "<your_own_value>"
              status: "disable"
          name: "default_name_52"
          override:
            - action: "pass"
              exempt_ip:
                - dst_ip: "<your_own_value>"
                  id: "57"
                  src_ip: "<your_own_value>"
              log: "disable"
              log_packet: "disable"
              quarantine: "none"
              quarantine_expiry: "1073741823"
              quarantine_log: "disable"
              rule_id: "2147483647"
              status: "disable"
          replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
          scan_botnet_connections: "disable"
Parameters

vdom (str, default: root)
  Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

state (str, required, choices: present, absent)
  Indicates whether to create or remove the object.

enable_log (bool, default: false)
  Enable/disable logging for the task.

ips_sensor (dict, default: null)
  Configure IPS sensor.

  block_malicious_url (str, choices: disable, enable)
    Enable/disable malicious URL blocking.
  comment (str)
    Comment.
  entries (list of dict)
    IPS sensor filter.
    action (str, choices: pass, block, reset, default)
      Action taken with traffic in which signatures are detected.
    application (list of str)
      Applications to be protected. Use all for every application and other for unlisted applications.
    cve (list of dict)
      List of CVE IDs of the signatures to add to the sensor.
      cve_entry (str)
        CVE IDs or CVE wildcards.
    default_action (str, choices: all, pass, block)
      Signature default action filter.
    default_status (str, choices: all, enable, disable)
      Signature default status filter.
    exempt_ip (list of dict)
      Traffic from selected source or destination IP addresses is exempt from this signature.
      dst_ip (str)
        Destination IP address and netmask (applies to packet matching the signature).
      id (int)
        Exempt IP ID.
      src_ip (str)
        Source IP address and netmask (applies to packet matching the signature).
    id (int)
      Rule ID in IPS database (0 - 4294967295).
    last_modified (str)
      Filter by signature last modified date. Formats: before <date>, after <date>, between <start-date> <end-date>.
    location (list of str)
      Protect client or server traffic.
    log (str, choices: disable, enable)
      Enable/disable logging of signatures included in filter.
    log_attack_context (str, choices: disable, enable)
      Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer.
    log_packet (str, choices: disable, enable)
      Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use.
    os (list of str)
      Operating systems to be protected. Use all for every operating system and other for unlisted operating systems.
    protocol (list of str)
      Protocols to be examined. Use all for every protocol and other for unlisted protocols.
    quarantine (str, choices: none, attacker)
      Quarantine method.
    quarantine_expiry (str)
      Duration of quarantine. (Format
    quarantine_log (str, choices: disable, enable)
      Enable/disable quarantine logging.
    rate_count (int)
      Count of the rate.
    rate_duration (int)
      Duration (sec) of the rate.
    rate_mode (str, choices: periodical, continuous)
      Rate limit mode.
    rate_track (str, choices: none, src-ip, dest-ip, dhcp-client-mac, dns-domain)
      Track the packet protocol field.
    rule (list of dict)
      Identifies the predefined or custom IPS signatures to add to the sensor.
      id (int)
        Rule IPS.
    severity (list of str)
      Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity.
    status (str, choices: disable, enable, default)
      Status of the signatures included in filter. Only those filters with a status of enable are used.
    vuln_type (list of dict)
      List of signature vulnerability types to filter by.
      id (int)
        Vulnerability type ID.
  extended_log (str, choices: enable, disable)
    Enable/disable extended logging.
  filter (list of dict)
    IPS sensor filter.
    action (str, choices: pass, block, reset, default)
      Action of selected rules.
    application (str)
      Vulnerable application filter.
    location (str)
      Vulnerability location filter.
    log (str, choices: disable, enable)
      Enable/disable logging of selected rules.
    log_packet (str, choices: disable, enable)
      Enable/disable packet logging of selected rules.
    name (str)
      Filter name.
    os (str)
      Vulnerable OS filter.
    protocol (str)
      Vulnerable protocol filter.
    quarantine (str, choices: none, attacker)
      Quarantine IP or interface.
    quarantine_expiry (int)
      Duration of quarantine in minutes.
    quarantine_log (str, choices: disable, enable)
      Enable/disable logging of selected quarantine.
    severity (str)
      Vulnerability severity filter.
    status (str, choices: disable, enable, default)
      Selected rules status.
  name (str, required)
    Sensor name.
  override (list of dict)
    IPS override rule.
    action (str, choices: pass, block, reset)
      Action of override rule.
    exempt_ip (list of dict)
      Exempted IP.
      dst_ip (str)
        Destination IP address and netmask.
      id (int)
        Exempt IP ID.
      src_ip (str)
        Source IP address and netmask.
    log (str, choices: disable, enable)
      Enable/disable logging.
    log_packet (str, choices: disable, enable)
      Enable/disable packet logging.
    quarantine (str, choices: none, attacker)
      Quarantine IP or interface.
    quarantine_expiry (int)
      Duration of quarantine in minutes.
    quarantine_log (str, choices: disable, enable)
      Enable/disable logging of selected quarantine.
    rule_id (int)
      Override rule ID.
    status (str, choices: disable, enable)
      Enable/disable status of override rule.
  replacemsg_group (str)
    Replacement message group. Source system.replacemsg-group.name.
  scan_botnet_connections (str, choices: disable, block, monitor)
    Block or monitor connections to Botnet servers, or disable Botnet scanning.

member_path (str)
  Member attribute path to operate on.
  Delimited by a slash character if there is more than one attribute.
  Parameters marked with member_path are legitimate for member operations.

access_token (str, optional)
  Token-based authentication. Generated from the GUI of the FortiGate.

member_state (str, choices: present, absent)
  Add or delete a member under the specified attribute path.
  When member_state is specified, the state option is ignored.
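The page's own example leaves every log and quarantine option at "disable" and turns off certificate validation on the HTTP API connection. The playbook below is an added example, not from the collection or the page: it shows the parameters documented above put to use in a defensive sensor, with certificate validation on, the API token taken from a vault variable, severe signatures blocked and logged with packet capture, a rate-based entry that quarantines a source that keeps tripping medium-severity signatures, and an internal scanner exempted so scheduled scans do not get blocked. The sensor name, IP addresses and the fortigate_api_token variable are assumptions; the hosts group and vdom match the page's example.

```yaml
# Added example (not the page's or the collection's own code).
# Assumed: an inventory group "fortigates", a vault-stored variable
# fortigate_api_token, the sensor name and the IP addresses below.
- hosts: fortigates
  collections:
    - lix_fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate certificate instead of "no"
    ansible_httpapi_port: 443
  tasks:
    - name: Create an IPS sensor that blocks and logs severe signatures
      lix_fortinet.fortios.fortios_ips_sensor:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ fortigate_api_token }}"   # assumed vault variable, never a literal in the playbook
        enable_log: true
        ips_sensor:
          name: "protect-dmz-servers"               # assumed sensor name
          comment: "Block high/critical signatures on DMZ server traffic"
          block_malicious_url: "enable"
          scan_botnet_connections: "block"
          extended_log: "enable"
          entries:
            # Entry 1: every signature rated high or critical that protects the
            # server side is enabled, blocked, and logged with the triggering packet
            # and attack context (URL/header/body buffers) for later forensics.
            - id: 1
              severity:
                - "high"
                - "critical"
              location:
                - "server"
              os:
                - "all"
              protocol:
                - "all"
              application:
                - "all"
              status: "enable"
              action: "block"
              log: "enable"
              log_packet: "enable"
              log_attack_context: "enable"
              # Constructed addresses: the internal vulnerability scanner is exempt
              # from this entry; netmask form is "address mask", any destination.
              exempt_ip:
                - id: 1
                  src_ip: "10.20.30.40 255.255.255.255"
                  dst_ip: "0.0.0.0 0.0.0.0"
            # Entry 2: medium-severity signatures are rate-based; a single source
            # that trips them 10 times within 60 seconds is blocked and quarantined.
            # quarantine_expiry is left unset so the device default applies.
            - id: 2
              severity:
                - "medium"
              status: "enable"
              action: "block"
              log: "enable"
              rate_mode: "periodical"
              rate_count: 10
              rate_duration: 60
              rate_track: "src-ip"
              quarantine: "attacker"
              quarantine_log: "enable"
      register: ips_result

    # The module's return values (status, http_status) are checked so a rejected
    # configuration fails the play instead of silently leaving the old sensor in place.
    - name: Fail the play if the FortiGate did not accept the sensor
      assert:
        that:
          - ips_result.status == "success"
          - ips_result.http_status | string == "200"
        fail_msg: "FortiGate rejected the IPS sensor: {{ ips_result }}"
```

Run it with `ansible-playbook --ask-vault-pass ips-sensor.yml` (file name assumed). Attaching the sensor to a firewall policy is done with a separate module of the collection and is not shown here.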
Return Values

build (str, returned: always)
  Build number of the FortiGate image. Sample: '1547'
http_method (str, returned: always)
  Last method used to provision the content into FortiGate. Sample: PUT
http_status (str, returned: always)
  Last result given by FortiGate on the last operation applied. Sample: '200'
mkey (str, returned: success)
  Master key (id) used in the last call to FortiGate. Sample: id
name (str, returned: always)
  Name of the table used to fulfill the request. Sample: urlfilter
path (str, returned: always)
  Path of the table used to fulfill the request. Sample: webfilter
revision (str, returned: always)
  Internal revision number. Sample: 17.0.2.10658
serial (str, returned: always)
  Serial number of the unit. Sample: FGVMEVYYQT3AB5352
status (str, returned: always)
  Indication of the operation's result. Sample: success
vdom (str, returned: always)
  Virtual domain used. Sample: root
version (str, returned: always)
  Version of the FortiGate. Sample: v5.6.3