lix_fortinet.fortios.fortios_system_fortiguard (102.2.120) — module
Configure FortiGuard services in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with:

ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and fortiguard category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiGuard services.
      fortios_system_fortiguard:
        vdom: "{{ vdom }}"
        system_fortiguard:
          antispam_cache: "enable"
          antispam_cache_mpercent: "2"
          antispam_cache_ttl: "1800"
          antispam_expiration: "0"
          antispam_force_off: "enable"
          antispam_license: "4294967295"
          antispam_timeout: "7"
          anycast_sdns_server_ip: "<your_own_value>"
          anycast_sdns_server_port: "853"
          auto_firmware_upgrade: "enable"
          auto_firmware_upgrade_day: "sunday"
          auto_firmware_upgrade_end_hour: "4"
          auto_firmware_upgrade_start_hour: "2"
          auto_join_forticloud: "enable"
          ddns_server_ip: "<your_own_value>"
          ddns_server_ip6: "<your_own_value>"
          ddns_server_port: "443"
          fortiguard_anycast: "enable"
          fortiguard_anycast_source: "fortinet"
          interface: "<your_own_value> (source system.interface.name)"
          interface_select_method: "auto"
          load_balance_servers: "1"
          outbreak_prevention_cache: "enable"
          outbreak_prevention_cache_mpercent: "2"
          outbreak_prevention_cache_ttl: "300"
          outbreak_prevention_expiration: "0"
          outbreak_prevention_force_off: "enable"
          outbreak_prevention_license: "4294967295"
          outbreak_prevention_timeout: "7"
          persistent_connection: "enable"
          port: "8888"
          protocol: "udp"
          proxy_password: "<your_own_value>"
          proxy_server_ip: "<your_own_value>"
          proxy_server_port: "0"
          proxy_username: "<your_own_value>"
          sandbox_inline_scan: "enable"
          sandbox_region: "<your_own_value>"
          sdns_options: "include-question-section"
          sdns_server_ip: "<your_own_value>"
          sdns_server_port: "53"
          service_account_id: "<your_own_value>"
          source_ip: "84.230.14.43"
          source_ip6: "<your_own_value>"
          update_build_proxy: "enable"
          update_extdb: "enable"
          update_ffdb: "enable"
          update_server_location: "automatic"
          update_uwdb: "enable"
          vdom: "<your_own_value> (source system.vdom.name)"
          videofilter_expiration: "0"
          videofilter_license: "4294967295"
          webfilter_cache: "enable"
          webfilter_cache_ttl: "3600"
          webfilter_expiration: "0"
          webfilter_force_off: "enable"
          webfilter_license: "4294967295"
          webfilter_timeout: "15"
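The playbook above sets every parameter, including `ansible_httpapi_validate_certs: no` and the three `*_force_off: "enable"` options, which switch the FortiGuard antispam, web filtering and Virus Outbreak Prevention services off. A hardened variant follows, as an added example that is not part of the original module documentation. The variable `vault_fortigate_access_token` is a hypothetical Ansible Vault entry, and the https/443 transport is an assumption picked from the documented `protocol` and `port` choices.

```yaml
# Added example: hardened variant of the documented playbook.
# vault_fortigate_access_token is a hypothetical Ansible Vault variable.
- hosts: fortigates
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # The documented example sets this to "no", which skips TLS
    # certificate validation on the management connection.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Configure FortiGuard services with filtering kept on
      lix_fortinet.fortios.fortios_system_fortiguard:
        vdom: "{{ vdom }}"
        # Token comes from the vault, never from the playbook text.
        access_token: "{{ vault_fortigate_access_token }}"
        system_fortiguard:
          # Assumption: https/443 instead of the example's udp/8888.
          fortiguard_anycast: "enable"
          fortiguard_anycast_source: "fortinet"
          protocol: "https"
          port: "443"
          # force_off "enable" turns the service OFF; keep each one disabled.
          antispam_force_off: "disable"
          webfilter_force_off: "disable"
          outbreak_prevention_force_off: "disable"
          # Patch-level firmware upgrades inside a fixed maintenance window.
          auto_firmware_upgrade: "enable"
          auto_firmware_upgrade_day:
            - "sunday"
          auto_firmware_upgrade_start_hour: "2"
          auto_firmware_upgrade_end_hour: "4"
          update_server_location: "automatic"
      # Keep the access token out of task output and logs.
      no_log: true
```

If a proxy is required, supply `proxy_password` from the vault in the same way as the token.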
vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
system_fortiguard:
  default: null
  description:
    - Configure FortiGuard services.
  suboptions:
    antispam_cache:
      choices:
        - enable
        - disable
      description:
        - Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance.
      type: str
    antispam_cache_mpercent:
      description:
        - Maximum percentage of FortiGate memory the antispam cache is allowed to use (1 - 15).
      type: int
    antispam_cache_ttl:
      description:
        - Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries.
      type: int
    antispam_expiration:
      description:
        - Expiration date of the FortiGuard antispam contract.
      type: int
    antispam_force_off:
      choices:
        - enable
        - disable
      description:
        - Enable/disable turning off the FortiGuard antispam service.
      type: str
    antispam_license:
      description:
        - Interval of time between license checks for the FortiGuard antispam contract.
      type: int
    antispam_timeout:
      description:
        - Antispam query time out (1 - 30 sec).
      type: int
    anycast_sdns_server_ip:
      description:
        - IP address of the FortiGuard anycast DNS rating server.
      type: str
    anycast_sdns_server_port:
      description:
        - Port to connect to on the FortiGuard anycast DNS rating server.
      type: int
    auto_firmware_upgrade:
      choices:
        - enable
        - disable
      description:
        - Enable/disable automatic patch-level firmware upgrade from FortiGuard. The FortiGate unit searches for new patches only in the same major and minor version.
      type: str
    auto_firmware_upgrade_day:
      choices:
        - sunday
        - monday
        - tuesday
        - wednesday
        - thursday
        - friday
        - saturday
      description:
        - Allowed day(s) of the week to start automatic patch-level firmware upgrade from FortiGuard.
      elements: str
      type: list
    auto_firmware_upgrade_end_hour:
      description:
        - End time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time (0 ~ 23). When the end time is smaller than the start time, the end time is interpreted as the next day. The actual upgrade time is selected randomly within the time window.
      type: int
    auto_firmware_upgrade_start_hour:
      description:
        - Start time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time (0 ~ 23). The actual upgrade time is selected randomly within the time window.
      type: int
    auto_join_forticloud:
      choices:
        - enable
        - disable
      description:
        - Automatically connect to and login to FortiCloud.
      type: str
    ddns_server_ip:
      description:
        - IP address of the FortiDDNS server.
      type: str
    ddns_server_ip6:
      description:
        - IPv6 address of the FortiDDNS server.
      type: str
    ddns_server_port:
      description:
        - Port used to communicate with FortiDDNS servers.
      type: int
    fortiguard_anycast:
      choices:
        - enable
        - disable
      description:
        - Enable/disable use of FortiGuard's Anycast network.
      type: str
    fortiguard_anycast_source:
      choices:
        - fortinet
        - aws
        - debug
      description:
        - Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet.
      type: str
    interface:
      description:
        - Specify outgoing interface to reach server. Source system.interface.name.
      type: str
    interface_select_method:
      choices:
        - auto
        - sdwan
        - specify
      description:
        - Specify how to select outgoing interface to reach server.
      type: str
    load_balance_servers:
      description:
        - Number of servers to alternate between as first FortiGuard option.
      type: int
    outbreak_prevention_cache:
      choices:
        - enable
        - disable
      description:
        - Enable/disable FortiGuard Virus Outbreak Prevention cache.
      type: str
    outbreak_prevention_cache_mpercent:
      description:
        - Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%).
      type: int
    outbreak_prevention_cache_ttl:
      description:
        - Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec).
      type: int
    outbreak_prevention_expiration:
      description:
        - Expiration date of FortiGuard Virus Outbreak Prevention contract.
      type: int
    outbreak_prevention_force_off:
      choices:
        - enable
        - disable
      description:
        - Turn off FortiGuard Virus Outbreak Prevention service.
      type: str
    outbreak_prevention_license:
      description:
        - Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract.
      type: int
    outbreak_prevention_timeout:
      description:
        - FortiGuard Virus Outbreak Prevention time out (1 - 30 sec).
      type: int
    persistent_connection:
      choices:
        - enable
        - disable
      description:
        - Enable/disable use of persistent connection to receive update notification from FortiGuard.
      type: str
    port:
      choices:
        - '8888'
        - '53'
        - '80'
        - '443'
      description:
        - Port used to communicate with the FortiGuard servers.
      type: str
    protocol:
      choices:
        - udp
        - http
        - https
      description:
        - Protocol used to communicate with the FortiGuard servers.
      type: str
    proxy_password:
      description:
        - Proxy user password.
      type: str
    proxy_server_ip:
      description:
        - Hostname or IP address of the proxy server.
      type: str
    proxy_server_port:
      description:
        - Port used to communicate with the proxy server.
      type: int
    proxy_username:
      description:
        - Proxy user name.
      type: str
    sandbox_inline_scan:
      choices:
        - enable
        - disable
      description:
        - Enable/disable FortiCloud Sandbox inline-scan.
      type: str
    sandbox_region:
      description:
        - FortiCloud Sandbox region.
      type: str
    sdns_options:
      choices:
        - include-question-section
      description:
        - Customization options for the FortiGuard DNS service.
      elements: str
      type: list
    sdns_server_ip:
      description:
        - IP address of the FortiGuard DNS rating server.
      elements: str
      type: list
    sdns_server_port:
      description:
        - Port to connect to on the FortiGuard DNS rating server.
      type: int
    service_account_id:
      description:
        - Service account ID.
      type: str
    source_ip:
      description:
        - Source IPv4 address used to communicate with FortiGuard.
      type: str
    source_ip6:
      description:
        - Source IPv6 address used to communicate with FortiGuard.
      type: str
    update_build_proxy:
      choices:
        - enable
        - disable
      description:
        - Enable/disable proxy dictionary rebuild.
      type: str
    update_extdb:
      choices:
        - enable
        - disable
      description:
        - Enable/disable external resource update.
      type: str
    update_ffdb:
      choices:
        - enable
        - disable
      description:
        - Enable/disable Internet Service Database update.
      type: str
    update_server_location:
      choices:
        - automatic
        - usa
        - eu
        - any
      description:
        - Location from which to receive FortiGuard updates.
      type: str
    update_uwdb:
      choices:
        - enable
        - disable
      description:
        - Enable/disable allowlist update.
      type: str
    vdom:
      description:
        - FortiGuard Service virtual domain name. Source system.vdom.name.
      type: str
    videofilter_expiration:
      description:
        - Expiration date of the FortiGuard video filter contract.
      type: int
    videofilter_license:
      description:
        - Interval of time between license checks for the FortiGuard video filter contract.
      type: int
    webfilter_cache:
      choices:
        - enable
        - disable
      description:
        - Enable/disable FortiGuard web filter caching.
      type: str
    webfilter_cache_ttl:
      description:
        - Time-to-live for web filter cache entries in seconds (300 - 86400).
      type: int
    webfilter_expiration:
      description:
        - Expiration date of the FortiGuard web filter contract.
      type: int
    webfilter_force_off:
      choices:
        - enable
        - disable
      description:
        - Enable/disable turning off the FortiGuard web filtering service.
      type: str
    webfilter_license:
      description:
        - Interval of time between license checks for the FortiGuard web filter contract.
      type: int
    webfilter_timeout:
      description:
        - Web filter query time out (1 - 30 sec).
      type: int
  type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str