lix_fortinet.fortios.fortios_wireless_controller_wids_profile (102.2.120) — module
Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with:
ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

or list it in requirements.yml:
collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the wireless_controller feature and the wids_profile category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off in this example; set to yes when the
    # FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure wireless intrusion detection system (WIDS) profiles.
      fortios_wireless_controller_wids_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        wireless_controller_wids_profile:
          ap_auto_suppress: "enable"
          ap_bgscan_disable_day: "sunday"
          ap_bgscan_disable_end: "<your_own_value>"
          ap_bgscan_disable_schedules:
            - name: "default_name_7 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
          ap_bgscan_disable_start: "<your_own_value>"
          ap_bgscan_duration: "30"
          ap_bgscan_idle: "20"
          ap_bgscan_intv: "3"
          ap_bgscan_period: "600"
          ap_bgscan_report_intv: "30"
          ap_fgscan_report_intv: "15"
          ap_scan: "disable"
          ap_scan_passive: "enable"
          ap_scan_threshold: "<your_own_value>"
          asleap_attack: "enable"
          assoc_flood_thresh: "30"
          assoc_flood_time: "10"
          assoc_frame_flood: "enable"
          auth_flood_thresh: "30"
          auth_flood_time: "10"
          auth_frame_flood: "enable"
          comment: "Comment."
          deauth_broadcast: "enable"
          deauth_unknown_src_thresh: "10"
          eapol_fail_flood: "enable"
          eapol_fail_intv: "1"
          eapol_fail_thresh: "10"
          eapol_logoff_flood: "enable"
          eapol_logoff_intv: "1"
          eapol_logoff_thresh: "10"
          eapol_pre_fail_flood: "enable"
          eapol_pre_fail_intv: "1"
          eapol_pre_fail_thresh: "10"
          eapol_pre_succ_flood: "enable"
          eapol_pre_succ_intv: "1"
          eapol_pre_succ_thresh: "10"
          eapol_start_flood: "enable"
          eapol_start_intv: "1"
          eapol_start_thresh: "10"
          eapol_succ_flood: "enable"
          eapol_succ_intv: "1"
          eapol_succ_thresh: "10"
          invalid_mac_oui: "enable"
          long_duration_attack: "enable"
          long_duration_thresh: "8200"
          name: "default_name_49"
          null_ssid_probe_resp: "enable"
          sensor_mode: "disable"
          spoofed_deauth: "enable"
          weak_wep_iv: "enable"
          wireless_bridge: "enable"
vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
  - present
  - absent
  description:
  - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
  - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
  - Member attribute path to operate on.
  - Delimited by a slash character if there is more than one attribute.
  - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
  - Token-based authentication. Generated from GUI of FortiGate.
  required: false
  type: str
member_state:
  choices:
  - present
  - absent
  description:
  - Add or delete a member under specified attribute path.
  - When member_state is specified, the state option is ignored.
  type: str
wireless_controller_wids_profile:
  default: null
  description:
  - Configure wireless intrusion detection system (WIDS) profiles.
  suboptions:
    ap_auto_suppress:
      choices:
      - enable
      - disable
      description:
      - Enable/disable on-wire rogue AP auto-suppression.
      type: str
    ap_bgscan_disable_day:
      choices:
      - sunday
      - monday
      - tuesday
      - wednesday
      - thursday
      - friday
      - saturday
      description:
      - Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set.
      type: str
    ap_bgscan_disable_end:
      description:
      - End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning.
      type: str
    ap_bgscan_disable_schedules:
      description:
      - Firewall schedules for turning off FortiAP radio background scan. Background scan will be disabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
      elements: dict
      suboptions:
        name:
          description:
          - Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name.
          type: str
      type: list
    ap_bgscan_disable_start:
      description:
      - Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning.
      type: str
    ap_bgscan_duration:
      description:
      - Listen time on scanning a channel (10 - 1000 msec).
      type: int
    ap_bgscan_idle:
      description:
      - Wait time for channel inactivity before scanning this channel (0 - 1000 msec).
      type: int
    ap_bgscan_intv:
      description:
      - Period between successive channel scans (1 - 600 sec).
      type: int
    ap_bgscan_period:
      description:
      - Period between background scans (10 - 3600 sec).
      type: int
    ap_bgscan_report_intv:
      description:
      - Period between background scan reports (15 - 600 sec).
      type: int
    ap_fgscan_report_intv:
      description:
      - Period between foreground scan reports (15 - 600 sec).
      type: int
    ap_scan:
      choices:
      - disable
      - enable
      description:
      - Enable/disable rogue AP detection.
      type: str
    ap_scan_passive:
      choices:
      - enable
      - disable
      description:
      - Enable/disable passive scanning. Enable means do not send probe request on any channels.
      type: str
    ap_scan_threshold:
      description:
      - Minimum signal level/threshold in dBm required for the AP to report detected rogue AP (-95 to -20).
      type: str
    asleap_attack:
      choices:
      - enable
      - disable
      description:
      - Enable/disable asleap attack detection.
      type: str
    assoc_flood_thresh:
      description:
      - The threshold value for association frame flooding.
      type: int
    assoc_flood_time:
      description:
      - Number of seconds after which a station is considered not connected.
      type: int
    assoc_frame_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable association frame flooding detection.
      type: str
    auth_flood_thresh:
      description:
      - The threshold value for authentication frame flooding.
      type: int
    auth_flood_time:
      description:
      - Number of seconds after which a station is considered not connected.
      type: int
    auth_frame_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable authentication frame flooding detection.
      type: str
    comment:
      description:
      - Comment.
      type: str
    deauth_broadcast:
      choices:
      - enable
      - disable
      description:
      - Enable/disable broadcasting de-authentication detection.
      type: str
    deauth_unknown_src_thresh:
      description:
      - 'Threshold value per second to deauth unknown src for DoS attack (0: no limit).'
      type: int
    eapol_fail_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Failure flooding (to AP) detection.
      type: str
    eapol_fail_intv:
      description:
      - The detection interval for EAPOL-Failure flooding (1 - 3600 sec).
      type: int
    eapol_fail_thresh:
      description:
      - The threshold value for EAPOL-Failure flooding in specified interval.
      type: int
    eapol_logoff_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Logoff flooding (to AP) detection.
      type: str
    eapol_logoff_intv:
      description:
      - The detection interval for EAPOL-Logoff flooding (1 - 3600 sec).
      type: int
    eapol_logoff_thresh:
      description:
      - The threshold value for EAPOL-Logoff flooding in specified interval.
      type: int
    eapol_pre_fail_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable premature EAPOL-Failure flooding (to STA) detection.
      type: str
    eapol_pre_fail_intv:
      description:
      - The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec).
      type: int
    eapol_pre_fail_thresh:
      description:
      - The threshold value for premature EAPOL-Failure flooding in specified interval.
      type: int
    eapol_pre_succ_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable premature EAPOL-Success flooding (to STA) detection.
      type: str
    eapol_pre_succ_intv:
      description:
      - The detection interval for premature EAPOL-Success flooding (1 - 3600 sec).
      type: int
    eapol_pre_succ_thresh:
      description:
      - The threshold value for premature EAPOL-Success flooding in specified interval.
      type: int
    eapol_start_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Start flooding (to AP) detection.
      type: str
    eapol_start_intv:
      description:
      - The detection interval for EAPOL-Start flooding (1 - 3600 sec).
      type: int
    eapol_start_thresh:
      description:
      - The threshold value for EAPOL-Start flooding in specified interval.
      type: int
    eapol_succ_flood:
      choices:
      - enable
      - disable
      description:
      - Enable/disable EAPOL-Success flooding (to AP) detection.
      type: str
    eapol_succ_intv:
      description:
      - The detection interval for EAPOL-Success flooding (1 - 3600 sec).
      type: int
    eapol_succ_thresh:
      description:
      - The threshold value for EAPOL-Success flooding in specified interval.
      type: int
    invalid_mac_oui:
      choices:
      - enable
      - disable
      description:
      - Enable/disable invalid MAC OUI detection.
      type: str
    long_duration_attack:
      choices:
      - enable
      - disable
      description:
      - Enable/disable long duration attack detection based on user configured threshold.
      type: str
    long_duration_thresh:
      description:
      - Threshold value for long duration attack detection (1000 - 32767 usec).
      type: int
    name:
      description:
      - WIDS profile name.
      required: true
      type: str
    null_ssid_probe_resp:
      choices:
      - enable
      - disable
      description:
      - Enable/disable null SSID probe response detection.
      type: str
    sensor_mode:
      choices:
      - disable
      - foreign
      - both
      description:
      - Scan nearby WiFi stations.
      type: str
    spoofed_deauth:
      choices:
      - enable
      - disable
      description:
      - Enable/disable spoofed de-authentication attack detection.
      type: str
    weak_wep_iv:
      choices:
      - enable
      - disable
      description:
      - Enable/disable weak WEP IV (Initialization Vector) detection.
      type: str
    wireless_bridge:
      choices:
      - enable
      - disable
      description:
      - Enable/disable wireless bridge detection.
      type: str
  type: dict
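
An added example, not part of the module or the collection: an offline check that validates a wireless_controller_wids_profile dict against the numeric ranges and choice lists documented above, and lists the detections explicitly set to disable, so a profile can be reviewed before it is pushed. The helper name check_profile and the sample profile are assumptions constructed for illustration.

```python
# Added example (not module code): lint a WIDS profile dict against the
# ranges/choices in this page's parameter list. check_profile is hypothetical.
EAPOL = ("fail", "logoff", "pre_fail", "pre_succ", "start", "succ")
RANGES = {
    "ap_bgscan_duration": (10, 1000),       # msec
    "ap_bgscan_idle": (0, 1000),            # msec
    "ap_bgscan_intv": (1, 600),             # sec
    "ap_bgscan_period": (10, 3600),         # sec
    "ap_bgscan_report_intv": (15, 600),     # sec
    "ap_fgscan_report_intv": (15, 600),     # sec
    "ap_scan_threshold": (-95, -20),        # dBm, documented as type str
    "long_duration_thresh": (1000, 32767),  # usec
    **{f"eapol_{k}_intv": (1, 3600) for k in EAPOL},  # sec
}
DETECTIONS = [f"eapol_{k}_flood" for k in EAPOL] + [
    "ap_scan", "asleap_attack", "assoc_frame_flood", "auth_frame_flood",
    "deauth_broadcast", "invalid_mac_oui", "long_duration_attack",
    "null_ssid_probe_resp", "spoofed_deauth", "weak_wep_iv", "wireless_bridge",
]
CHOICES = {k: ("enable", "disable")
           for k in DETECTIONS + ["ap_auto_suppress", "ap_scan_passive"]}
CHOICES["sensor_mode"] = ("disable", "foreign", "both")

def check_profile(profile):
    """Return (errors, disabled): violations, and detections set to 'disable'."""
    errors = []
    if not profile.get("name"):
        errors.append("name: required")
    for key, (lo, hi) in RANGES.items():
        if key not in profile:
            continue  # unset parameters are left to the device
        try:
            value = int(profile[key])  # playbooks often pass ints as strings
        except (TypeError, ValueError):
            errors.append(f"{key}: {profile[key]!r} is not an integer")
            continue
        if not lo <= value <= hi:
            errors.append(f"{key}: {value} outside {lo}..{hi}")
    for key, allowed in CHOICES.items():
        if key in profile and profile[key] not in allowed:
            errors.append(f"{key}: {profile[key]!r} not in {allowed}")
    disabled = sorted(k for k in DETECTIONS if profile.get(k) == "disable")
    return errors, disabled

# Constructed sample: one out-of-range value, one invalid choice.
SAMPLE = {"name": "lab-wids", "ap_scan": "disable", "ap_bgscan_period": "5",
          "ap_scan_threshold": "-70", "sensor_mode": "monitor",
          "spoofed_deauth": "enable"}
```
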
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str