lix_fortinet.fortios.fortios_system_admin (102.2.120) — module

Configure admin users in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120


Add to requirements.yml

  collections:
    - name: lix_fortinet.fortios
      version: 102.2.120

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the admin category of the system feature. The example below lists every parameter; values marked as sourced from another table (for example system.accprofile.name) must be adjusted to match objects that already exist on the device before use. Tested with FOS v6.0.0.


Requirements

Usage examples

- hosts: fortigates
  collections:
    - lix_fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no   # disables TLS certificate checking; outside a lab set this to yes and trust the device certificate or CA
   ansible_httpapi_port: 443
  tasks:
  - name: Configure admin users.
    fortios_system_admin:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"   # REST API token; keep it in ansible-vault rather than in the playbook
      system_admin:
        accprofile: "<your_own_value> (source system.accprofile.name)"
        accprofile_override: "enable"
        allow_remove_admin_session: "enable"
        comments: "<your_own_value>"
        email_to: "<your_own_value>"
        force_password_change: "enable"
        fortitoken: "<your_own_value>"
        guest_auth: "disable"
        guest_lang: "<your_own_value> (source system.custom-language.name)"
        guest_usergroups:
         -
            name: "default_name_13"
        gui_dashboard:
         -
            columns: "10"
            id:  "16"
            layout_type: "responsive"
            name: "default_name_18"
            permanent: "disable"
            scope: "global"
            vdom: "<your_own_value> (source system.vdom.name)"
            widget:
             -
                fabric_device: "<your_own_value>"
                fabric_device_widget_name: "<your_own_value>"
                fabric_device_widget_visualization_type: "<your_own_value>"
                fortiview_device: "<your_own_value>"
                fortiview_filters:
                 -
                    id:  "28"
                    key: "<your_own_value>"
                    value: "<your_own_value>"
                fortiview_sort_by: "<your_own_value>"
                fortiview_timeframe: "<your_own_value>"
                fortiview_type: "<your_own_value>"
                fortiview_visualization: "<your_own_value>"
                height: "25"
                id:  "36"
                industry: "default"
                interface: "<your_own_value> (source system.interface.name)"
                region: "default"
                title: "<your_own_value>"
                type: "sysinfo"
                width: "25"
                x_pos: "500"
                y_pos: "500"
        gui_global_menu_favorites:
         -
            id:  "46"
        gui_new_feature_acknowledge:
         -
            id:  "48"
        gui_vdom_menu_favorites:
         -
            id:  "50"
        hidden: "127"
        history0: "<your_own_value>"
        history1: "<your_own_value>"
        ip6_trusthost1: "<your_own_value>"   # IPv6 prefix, e.g. 2001:db8::/64; leaving every ip6_trusthost unset allows any IPv6 source
        ip6_trusthost10: "<your_own_value>"
        ip6_trusthost2: "<your_own_value>"
        ip6_trusthost3: "<your_own_value>"
        ip6_trusthost4: "<your_own_value>"
        ip6_trusthost5: "<your_own_value>"
        ip6_trusthost6: "<your_own_value>"
        ip6_trusthost7: "<your_own_value>"
        ip6_trusthost8: "<your_own_value>"
        ip6_trusthost9: "<your_own_value>"
        login_time:
         -
            last_failed_login: "<your_own_value>"
            last_login: "<your_own_value>"
            usr_name: "<your_own_value>"
        name: "default_name_68"
        password: "<your_own_value>"
        password_expire: "<your_own_value>"
        peer_auth: "enable"
        peer_group: "<your_own_value>"
        radius_vdom_override: "enable"
        remote_auth: "enable"
        remote_group: "<your_own_value>"
        schedule: "<your_own_value>"
        sms_custom_server: "<your_own_value> (source system.sms-server.name)"
        sms_phone: "<your_own_value>"
        sms_server: "fortiguard"
        ssh_certificate: "<your_own_value> (source certificate.remote.name)"
        ssh_public_key1: "<your_own_value>"
        ssh_public_key2: "<your_own_value>"
        ssh_public_key3: "<your_own_value>"
        trusthost1: "<your_own_value>"   # IPv4 address and netmask, e.g. 192.0.2.0 255.255.255.0; leaving every trusthost unset allows any IPv4 source
        trusthost10: "<your_own_value>"
        trusthost2: "<your_own_value>"
        trusthost3: "<your_own_value>"
        trusthost4: "<your_own_value>"
        trusthost5: "<your_own_value>"
        trusthost6: "<your_own_value>"
        trusthost7: "<your_own_value>"
        trusthost8: "<your_own_value>"
        trusthost9: "<your_own_value>"
        two_factor: "disable"
        two_factor_authentication: "fortitoken"
        two_factor_notification: "email"
        vdom:
         -
            name: "default_name_98 (source system.vdom.name)"
        vdom_override: "enable"
        wildcard: "enable"
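The generated example above sets every parameter at once, which is not how an administrator account is normally provisioned. The playbook below is an added example, not part of the lix_fortinet.fortios collection or of Fortinet's documentation. It shows the subset a practitioner actually cares about: a least-privilege account that is reachable only from a management subnet, requires a second factor and a password change at first login, is verified through the module's return values, and a second task that removes a stale account with state absent. The names hardened_ro_admin, prof_read_only, former_employee, the business_hours schedule and the vault_* / fortitoken_serial / ro_admin_ssh_pubkey variables are assumptions; the access profile, schedule and FortiToken are assumed to already exist on the device.

```yaml
# Added example (not the collection's own code). Assumes prof_read_only,
# business_hours and the FortiToken serial already exist on the FortiGate,
# and that the vault_* variables are loaded from an ansible-vault file.
- hosts: fortigates
  collections:
    - lix_fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the device certificate instead of accepting any
    ansible_httpapi_port: 443
  tasks:
    - name: Create a read-only administrator restricted to the management subnet with FortiToken 2FA
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ vault_fortigate_api_token }}"   # assumed vault variable
        system_admin:
          name: "hardened_ro_admin"                        # hypothetical account name
          accprofile: "prof_read_only"                     # hypothetical existing system.accprofile
          comments: "Managed by Ansible; read-only NOC access"
          password: "{{ vault_initial_admin_password }}"   # assumed vault variable
          force_password_change: "enable"                  # initial secret is rotated at first login
          # Source restriction: IPv4 address + netmask, IPv6 prefix. Both families are
          # set because an unset ip6_trusthost leaves IPv6 admin access open to any source.
          trusthost1: "10.10.0.0 255.255.255.0"
          ip6_trusthost1: "2001:db8:10::/64"
          two_factor: "fortitoken"
          fortitoken: "{{ fortitoken_serial }}"            # serial of a token already registered on the unit
          ssh_public_key1: "{{ ro_admin_ssh_pubkey }}"     # key-based SSH; assumed variable holding the public key
          schedule: "business_hours"                       # hypothetical firewall schedule limiting login hours
          vdom:
            - name: "{{ vdom }}"
      register: create_result

    # The module returns status, http_status, path and name (see Outputs); fail the play
    # rather than continuing if the device rejected the object.
    - name: Verify the FortiGate accepted the administrator object
      assert:
        that:
          - create_result.status == "success"
          - create_result.http_status | int == 200
        fail_msg: "FortiGate returned HTTP {{ create_result.http_status }} for {{ create_result.path }}/{{ create_result.name }}"

    - name: Remove the account of a departed administrator
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "absent"
        access_token: "{{ vault_fortigate_api_token }}"
        system_admin:
          name: "former_employee"                          # hypothetical account name
```

The assert task is the check worth keeping in any real run: the module reports the device's answer in http_status and status, and a play that only looks at the task's changed flag will happily continue after the FortiGate rejected an accprofile or schedule name that does not exist.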

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/disable logging for the task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character when the path spans more than one attribute.
    - Only parameters marked with member_path support member operations.
    type: str

access_token:
    description:
    - Token-based authentication. A REST API token generated from the FortiGate GUI.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

system_admin:
    default: null
    description:
    - Configure admin users.
    suboptions:
      accprofile:
        description:
        - Access profile for this administrator. Access profiles control administrator
          access to FortiGate features. Source system.accprofile.name.
        type: str
      accprofile_override:
        choices:
        - enable
        - disable
        description:
        - Enable to use the name of an access profile provided by the remote authentication
          server to control the FortiGate features that this administrator can access.
        type: str
      allow_remove_admin_session:
        choices:
        - enable
        - disable
        description:
        - Enable/disable allow admin session to be removed by privileged admin users.
        type: str
      comments:
        description:
        - Comment.
        type: str
      email_to:
        description:
        - This administrator's email address.
        type: str
      force_password_change:
        choices:
        - enable
        - disable
        description:
        - Enable/disable force password change on next login.
        type: str
      fortitoken:
        description:
        - This administrator's FortiToken serial number.
        type: str
      guest_auth:
        choices:
        - disable
        - enable
        description:
        - Enable/disable guest authentication.
        type: str
      guest_lang:
        description:
        - Guest management portal language. Source system.custom-language.name.
        type: str
      guest_usergroups:
        description:
        - Select guest user groups.
        elements: dict
        suboptions:
          name:
            description:
            - Select guest user groups.
            type: str
        type: list
      gui_dashboard:
        description:
        - GUI dashboards.
        elements: dict
        suboptions:
          columns:
            description:
            - Number of columns.
            type: int
          id:
            description:
            - Dashboard ID.
            type: int
          layout_type:
            choices:
            - responsive
            - fixed
            description:
            - Layout type.
            type: str
          name:
            description:
            - Dashboard name.
            type: str
          permanent:
            choices:
            - disable
            - enable
            description:
            - Permanent dashboard (can't be removed via the GUI).
            type: str
          scope:
            choices:
            - global
            - vdom
            description:
            - Dashboard scope.
            type: str
          vdom:
            description:
            - Virtual domain. Source system.vdom.name.
            type: str
          widget:
            description:
            - Dashboard widgets.
            elements: dict
            suboptions:
              fabric_device:
                description:
                - Fabric device to monitor.
                type: str
              fabric_device_widget_name:
                description:
                - Fabric device widget name.
                type: str
              fabric_device_widget_visualization_type:
                description:
                - Visualization type for fabric device widget.
                type: str
              fortiview_device:
                description:
                - FortiView device.
                type: str
              fortiview_filters:
                description:
                - FortiView filters.
                elements: dict
                suboptions:
                  id:
                    description:
                    - FortiView Filter ID.
                    type: int
                  key:
                    description:
                    - Filter key.
                    type: str
                  value:
                    description:
                    - Filter value.
                    type: str
                type: list
              fortiview_sort_by:
                description:
                - FortiView sort by.
                type: str
              fortiview_timeframe:
                description:
                - FortiView timeframe.
                type: str
              fortiview_type:
                description:
                - FortiView type.
                type: str
              fortiview_visualization:
                description:
                - FortiView visualization.
                type: str
              height:
                description:
                - Height.
                type: int
              id:
                description:
                - Widget ID.
                type: int
              industry:
                choices:
                - default
                - custom
                description:
                - Security Audit Rating industry.
                type: str
              interface:
                description:
                - Interface to monitor. Source system.interface.name.
                type: str
              region:
                choices:
                - default
                - custom
                description:
                - Security Audit Rating region.
                type: str
              title:
                description:
                - Widget title.
                type: str
              type:
                choices:
                - sysinfo
                - licinfo
                - forticloud
                - cpu-usage
                - memory-usage
                - disk-usage
                - log-rate
                - sessions
                - session-rate
                - tr-history
                - analytics
                - usb-modem
                - admins
                - security-fabric
                - security-fabric-ranking
                - sensor-info
                - ha-status
                - vulnerability-summary
                - host-scan-summary
                - fortiview
                - botnet-activity
                - fabric-device
                - fortimail
                description:
                - Widget type.
                type: str
              width:
                description:
                - Width.
                type: int
              x_pos:
                description:
                - X position.
                type: int
              y_pos:
                description:
                - Y position.
                type: int
            type: list
        type: list
      gui_global_menu_favorites:
        description:
        - Favorite GUI menu IDs for the global VDOM.
        elements: dict
        suboptions:
          id:
            description:
            - Select menu ID.
            type: str
        type: list
      gui_new_feature_acknowledge:
        description:
        - Acknowledgement of new features.
        elements: dict
        suboptions:
          id:
            description:
            - Select menu ID.
            type: str
        type: list
      gui_vdom_menu_favorites:
        description:
        - Favorite GUI menu IDs for VDOMs.
        elements: dict
        suboptions:
          id:
            description:
            - Select menu ID.
            type: str
        type: list
      hidden:
        description:
        - Admin user hidden attribute.
        type: int
      history0:
        description:
        - history0
        type: str
      history1:
        description:
        - history1
        type: str
      ip6_trusthost1:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost10:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost2:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost3:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost4:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost5:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost6:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost7:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost8:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      ip6_trusthost9:
        description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit.
          Default allows access from any IPv6 address.
        type: str
      login_time:
        description:
        - Record user login time.
        elements: dict
        suboptions:
          last_failed_login:
            description:
            - Last failed login time.
            type: str
          last_login:
            description:
            - Last successful login time.
            type: str
          usr_name:
            description:
            - User name.
            type: str
        type: list
      name:
        description:
        - User name.
        required: true
        type: str
      password:
        description:
        - Admin user password.
        type: str
      password_expire:
        description:
        - Password expire time.
        type: str
      peer_auth:
        choices:
        - enable
        - disable
        description:
        - Set to enable peer certificate authentication (for HTTPS admin access).
        type: str
      peer_group:
        description:
        - Name of peer group defined under config user group which has PKI members. Used
          for peer certificate authentication (for HTTPS admin access).
        type: str
      radius_vdom_override:
        choices:
        - enable
        - disable
        description:
        - Enable to use the names of VDOMs provided by the remote authentication server
          to control the VDOMs that this administrator can access.
        type: str
      remote_auth:
        choices:
        - enable
        - disable
        description:
        - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.
        type: str
      remote_group:
        description:
        - User group name used for remote auth.
        type: str
      schedule:
        description:
        - Firewall schedule used to restrict when the administrator can log in. No schedule
          means no restrictions.
        type: str
      sms_custom_server:
        description:
        - Custom SMS server to send SMS messages to. Source system.sms-server.name.
        type: str
      sms_phone:
        description:
        - Phone number on which the administrator receives SMS messages.
        type: str
      sms_server:
        choices:
        - fortiguard
        - custom
        description:
        - Send SMS messages using the FortiGuard SMS server or a custom server.
        type: str
      ssh_certificate:
        description:
        - Select the certificate to be used by the FortiGate for authentication with an
          SSH client. Source certificate.remote.name.
        type: str
      ssh_public_key1:
        description:
        - Public key of an SSH client. The client is authenticated without being asked
          for credentials. Create the public-private key pair in the SSH client application.
        type: str
      ssh_public_key2:
        description:
        - Public key of an SSH client. The client is authenticated without being asked
          for credentials. Create the public-private key pair in the SSH client application.
        type: str
      ssh_public_key3:
        description:
        - Public key of an SSH client. The client is authenticated without being asked
          for credentials. Create the public-private key pair in the SSH client application.
        type: str
      trusthost1:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost10:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost2:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost3:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost4:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost5:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost6:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost7:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost8:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      trusthost9:
        description:
        - Any IPv4 address or subnet address and netmask from which the administrator
          can connect to the FortiGate unit. Default allows access from any IPv4 address.
        type: str
      two_factor:
        choices:
        - disable
        - fortitoken
        - fortitoken-cloud
        - email
        - sms
        description:
        - Enable/disable two-factor authentication.
        type: str
      two_factor_authentication:
        choices:
        - fortitoken
        - email
        - sms
        description:
        - Authentication method by FortiToken Cloud.
        type: str
      two_factor_notification:
        choices:
        - email
        - sms
        description:
        - Notification method for user activation by FortiToken Cloud.
        type: str
      vdom:
        description:
        - Virtual domain(s) that the administrator can access.
        elements: dict
        suboptions:
          name:
            description:
            - Virtual domain name. Source system.vdom.name.
            type: str
        type: list
      vdom_override:
        choices:
        - enable
        - disable
        description:
        - Enable to use the names of VDOMs provided by the remote authentication server
          to control the VDOMs that this administrator can access.
        type: str
      wildcard:
        choices:
        - enable
        - disable
        description:
        - Enable/disable wildcard RADIUS authentication.
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: admin
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: system
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str