W3cubDocs

/Ansible

fortinet.fortimanager.fmgr_firewall_profileprotocoloptions – Configure protocol options.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_profileprotocoloptions.

New in version 2.10: of fortinet.fortimanager

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter					Choices/Defaults	Comments
adom string / required						the parameter (adom) in requested url
bypass_validation boolean					Choices: no ← yes	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log boolean					Choices: no ← yes	Enable/Disable logging for task
firewall_profileprotocoloptions dictionary						the top level parameters set
	cifs dictionary					no description
		domain-controller string				Domain for which to decrypt CIFS traffic.
		file-filter dictionary				no description
			entries list / elements=string			no description
				action string	Choices: log block	Action taken for matched file.
				comment string		Comment.
				direction string	Choices: any incoming outgoing	Match files transmitted in the sessions originating or reply direction.
				file-type string		no description
				filter string		Add a file filter.
				protocol list / elements=string	Choices: cifs	no description
			log string		Choices: disable enable	Enable/disable file filter logging.
			status string		Choices: disable enable	Enable/disable file filter.
		options list / elements=string			Choices: oversize	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		server-credential-type string			Choices: none credential-replication credential-keytab	CIFS server credential type.
		server-keytab list / elements=string				no description
			keytab string			Base64 encoded keytab file containing credential of the server.
			password string			no description
			principal string			Service principal. For example, "host/[email protected]".
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		tcp-window-maximum integer				Maximum dynamic TCP window size (default = 8MB).
		tcp-window-minimum integer				Minimum dynamic TCP window size (default = 128KB).
		tcp-window-size integer				Set TCP static window size (default = 256KB).
		tcp-window-type string			Choices: system static dynamic	Specify type of TCP window to use for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	comment string					Optional comments.
	dns dictionary					no description
		ports integer				no description
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
	feature-set string				Choices: proxy flow	Flow/proxy feature set.
	ftp dictionary					no description
		comfort-amount integer				Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1).
		comfort-interval integer				Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, def...
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: clientcomfort no-content-summary oversize splice bypass-rest-command bypass-mode-command	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		stream-based-uncompressed-limit integer				Maximum stream-based uncompressed data size that will be scanned (MB, 0 = unlimited (default). Stream-based uncompres...
		tcp-window-maximum integer				Maximum dynamic TCP window size.
		tcp-window-minimum integer				Minimum dynamic TCP window size.
		tcp-window-size integer				Set TCP static window size.
		tcp-window-type string			Choices: system static dynamic	TCP window type to use for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	http dictionary					no description
		block-page-status-code integer				Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599, default = 403).
		comfort-amount integer				Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1).
		comfort-interval integer				Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, def...
		fortinet-bar string			Choices: disable enable	no description
		fortinet-bar-port integer				no description
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: oversize chunkedbypass clientcomfort no-content-summary servercomfort	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		post-lang list / elements=string			Choices: jisx0201 jisx0208 jisx0212 gb2312 ksc5601-ex euc-jp sjis iso2022-jp iso2022-jp-1 iso2022-jp-2 euc-cn ces-gbk hz ces-big5 euc-kr iso2022-jp-3 iso8859-1 tis620 cp874 cp1252 cp1251	no description
		proxy-after-tcp-handshake string			Choices: disable enable	Proxy traffic after the TCP 3-way handshake has been established (not before).
		range-block string			Choices: disable enable	Enable/disable blocking of partial downloads.
		retry-count integer				Number of attempts to retry HTTP connection (0 - 100, default = 0).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		stream-based-uncompressed-limit integer				Maximum stream-based uncompressed data size that will be scanned (MB, 0 = unlimited (default). Stream-based uncompres...
		streaming-content-bypass string			Choices: disable enable	Enable/disable bypassing of streaming content from buffering.
		strip-x-forwarded-for string			Choices: disable enable	Enable/disable stripping of HTTP X-Forwarded-For header.
		switching-protocols string			Choices: bypass block	Bypass from scanning, or block a connection that attempts to switch protocol.
		tcp-window-maximum integer				Maximum dynamic TCP window size (default = 8MB).
		tcp-window-minimum integer				Minimum dynamic TCP window size (default = 128KB).
		tcp-window-size integer				Set TCP static window size (default = 256KB).
		tcp-window-type string			Choices: system static dynamic	Specify type of TCP window to use for this protocol.
		tunnel-non-http string			Choices: disable enable	Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can o...
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
		unknown-http-version string			Choices: best-effort reject tunnel	How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
	imap dictionary					no description
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: oversize fragmail no-content-summary	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		proxy-after-tcp-handshake string			Choices: disable enable	Proxy traffic after the TCP 3-way handshake has been established (not before).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	mail-signature dictionary					no description
		signature string				Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks).
		status string			Choices: disable enable	Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate.
	mapi dictionary					no description
		options list / elements=string			Choices: fragmail oversize no-content-summary	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	name string					Name.
	nntp dictionary					no description
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: oversize no-content-summary splice	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		proxy-after-tcp-handshake string			Choices: disable enable	Proxy traffic after the TCP 3-way handshake has been established (not before).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	oversize-log string				Choices: disable enable	Enable/disable logging for antivirus oversize file blocking.
	pop3 dictionary					no description
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: oversize fragmail no-content-summary	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		proxy-after-tcp-handshake string			Choices: disable enable	Proxy traffic after the TCP 3-way handshake has been established (not before).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	replacemsg-group string					Name of the replacement message group to be used
	rpc-over-http string				Choices: disable enable	Enable/disable inspection of RPC over HTTP.
	smtp dictionary					no description
		inspect-all string			Choices: disable enable	Enable/disable the inspection of all ports for the protocol.
		options list / elements=string			Choices: oversize fragmail no-content-summary splice	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		ports integer				no description
		proxy-after-tcp-handshake string			Choices: disable enable	Proxy traffic after the TCP 3-way handshake has been established (not before).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		server-busy string			Choices: disable enable	Enable/disable SMTP server busy when server not available.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		status string			Choices: disable enable	Enable/disable the active status of scanning for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	ssh dictionary					no description
		comfort-amount integer				Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1).
		comfort-interval integer				Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, def...
		options list / elements=string			Choices: oversize clientcomfort servercomfort	no description
		oversize-limit integer				Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10).
		scan-bzip2 string			Choices: disable enable	Enable/disable scanning of BZip2 compressed files.
		ssl-offloaded string			Choices: no yes	SSL decryption and encryption performed by an external device.
		stream-based-uncompressed-limit integer				Maximum stream-based uncompressed data size that will be scanned (MB, 0 = unlimited (default). Stream-based uncompres...
		tcp-window-maximum integer				Maximum dynamic TCP window size.
		tcp-window-minimum integer				Minimum dynamic TCP window size.
		tcp-window-size integer				Set TCP static window size.
		tcp-window-type string			Choices: system static dynamic	TCP window type to use for this protocol.
		uncompressed-nest-limit integer				Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12).
		uncompressed-oversize-limit integer				Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10).
	switching-protocols-log string				Choices: disable enable	Enable/disable logging for HTTP/HTTPS switching protocols.
proposed_method string					Choices: update set add	The overridden method for the underlying Json RPC request
rc_failed list / elements=string						the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string						the rc codes list with which the conditions to succeed will be overriden
state string / required					Choices: present absent	the directive to create, update or delete an object
workspace_locking_adom string						the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer					Default: 300	the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure protocol options.
     fmgr_firewall_profileprotocoloptions:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        firewall_profileprotocoloptions:
           comment: <value of string>
           name: <value of string>
           oversize-log: <value in [disable, enable]>
           replacemsg-group: <value of string>
           rpc-over-http: <value in [disable, enable]>
           switching-protocols-log: <value in [disable, enable]>
           feature-set: <value in [proxy, flow]>
           cifs:
              domain-controller: <value of string>
              file-filter:
                 entries:
                   -
                       action: <value in [log, block]>
                       comment: <value of string>
                       direction: <value in [any, incoming, outgoing]>
                       file-type: <value of string>
                       filter: <value of string>
                       protocol:
                         - cifs
                 log: <value in [disable, enable]>
                 status: <value in [disable, enable]>
              options:
                - oversize
              oversize-limit: <value of integer>
              ports: <value of integer>
              scan-bzip2: <value in [disable, enable]>
              server-credential-type: <value in [none, credential-replication, credential-keytab]>
              server-keytab:
                -
                    keytab: <value of string>
                    password: <value of string>
                    principal: <value of string>
              status: <value in [disable, enable]>
              tcp-window-maximum: <value of integer>
              tcp-window-minimum: <value of integer>
              tcp-window-size: <value of integer>
              tcp-window-type: <value in [system, static, dynamic]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           dns:
              ports: <value of integer>
              status: <value in [disable, enable]>
           ftp:
              comfort-amount: <value of integer>
              comfort-interval: <value of integer>
              inspect-all: <value in [disable, enable]>
              options:
                - clientcomfort
                - no-content-summary
                - oversize
                - splice
                - bypass-rest-command
                - bypass-mode-command
              oversize-limit: <value of integer>
              ports: <value of integer>
              scan-bzip2: <value in [disable, enable]>
              ssl-offloaded: <value in [no, yes]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
              stream-based-uncompressed-limit: <value of integer>
              tcp-window-maximum: <value of integer>
              tcp-window-minimum: <value of integer>
              tcp-window-size: <value of integer>
              tcp-window-type: <value in [system, static, dynamic]>
           http:
              block-page-status-code: <value of integer>
              comfort-amount: <value of integer>
              comfort-interval: <value of integer>
              fortinet-bar: <value in [disable, enable]>
              fortinet-bar-port: <value of integer>
              inspect-all: <value in [disable, enable]>
              options:
                - oversize
                - chunkedbypass
                - clientcomfort
                - no-content-summary
                - servercomfort
              oversize-limit: <value of integer>
              ports: <value of integer>
              post-lang:
                - jisx0201
                - jisx0208
                - jisx0212
                - gb2312
                - ksc5601-ex
                - euc-jp
                - sjis
                - iso2022-jp
                - iso2022-jp-1
                - iso2022-jp-2
                - euc-cn
                - ces-gbk
                - hz
                - ces-big5
                - euc-kr
                - iso2022-jp-3
                - iso8859-1
                - tis620
                - cp874
                - cp1252
                - cp1251
              proxy-after-tcp-handshake: <value in [disable, enable]>
              range-block: <value in [disable, enable]>
              retry-count: <value of integer>
              scan-bzip2: <value in [disable, enable]>
              ssl-offloaded: <value in [no, yes]>
              status: <value in [disable, enable]>
              stream-based-uncompressed-limit: <value of integer>
              streaming-content-bypass: <value in [disable, enable]>
              strip-x-forwarded-for: <value in [disable, enable]>
              switching-protocols: <value in [bypass, block]>
              tcp-window-maximum: <value of integer>
              tcp-window-minimum: <value of integer>
              tcp-window-size: <value of integer>
              tcp-window-type: <value in [system, static, dynamic]>
              tunnel-non-http: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
              unknown-http-version: <value in [best-effort, reject, tunnel]>
           imap:
              inspect-all: <value in [disable, enable]>
              options:
                - oversize
                - fragmail
                - no-content-summary
              oversize-limit: <value of integer>
              ports: <value of integer>
              proxy-after-tcp-handshake: <value in [disable, enable]>
              scan-bzip2: <value in [disable, enable]>
              ssl-offloaded: <value in [no, yes]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           mail-signature:
              signature: <value of string>
              status: <value in [disable, enable]>
           mapi:
              options:
                - fragmail
                - oversize
                - no-content-summary
              oversize-limit: <value of integer>
              ports: <value of integer>
              scan-bzip2: <value in [disable, enable]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           nntp:
              inspect-all: <value in [disable, enable]>
              options:
                - oversize
                - no-content-summary
                - splice
              oversize-limit: <value of integer>
              ports: <value of integer>
              proxy-after-tcp-handshake: <value in [disable, enable]>
              scan-bzip2: <value in [disable, enable]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           pop3:
              inspect-all: <value in [disable, enable]>
              options:
                - oversize
                - fragmail
                - no-content-summary
              oversize-limit: <value of integer>
              ports: <value of integer>
              proxy-after-tcp-handshake: <value in [disable, enable]>
              scan-bzip2: <value in [disable, enable]>
              ssl-offloaded: <value in [no, yes]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           smtp:
              inspect-all: <value in [disable, enable]>
              options:
                - oversize
                - fragmail
                - no-content-summary
                - splice
              oversize-limit: <value of integer>
              ports: <value of integer>
              proxy-after-tcp-handshake: <value in [disable, enable]>
              scan-bzip2: <value in [disable, enable]>
              server-busy: <value in [disable, enable]>
              ssl-offloaded: <value in [no, yes]>
              status: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
           ssh:
              comfort-amount: <value of integer>
              comfort-interval: <value of integer>
              options:
                - oversize
                - clientcomfort
                - servercomfort
              oversize-limit: <value of integer>
              scan-bzip2: <value in [disable, enable]>
              uncompressed-nest-limit: <value of integer>
              uncompressed-oversize-limit: <value of integer>
              ssl-offloaded: <value in [no, yes]>
              stream-based-uncompressed-limit: <value of integer>
              tcp-window-maximum: <value of integer>
              tcp-window-minimum: <value of integer>
              tcp-window-size: <value of integer>
              tcp-window-type: <value in [system, static, dynamic]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
request_url string	always	The full url requested Sample: /sys/login/user
response_code integer	always	The status of api request
response_message string	always	The descriptive message of the api response Sample: OK.

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_firewall_profileprotocoloptions_module.html