Note
This module is part of the fortinet.fortimanager collection (version 2.10.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_pm_config_pblock_firewall_consolidated_policy.
New in fortinet.fortimanager 2.2.0
Parameter | Comments |
|---|---|
access_token string | The token to access FortiManager without using username and password. |
adom string / required | The parameter (adom) in requested url. |
bypass_validation boolean | Set to True only when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. Choices: false, true |
enable_log boolean | Enable/Disable logging for task. Choices: false, true |
forticloud_access_token string | Authenticate Ansible client with forticloud API access token. |
pblock string / required | The parameter (pblock) in requested url. |
pm_config_pblock_firewall_consolidated_policy dictionary | The top level parameters set. The rows from _policy_block through webproxy_profile are its sub-options. |
_policy_block integer | Assigned policy block. |
action string | Policy action Choices: deny, accept, ipsec |
app_category aliases: app-category any | (list) App category. |
app_group aliases: app-group any | (list) App group. |
application any | (list) Application. |
application_list aliases: application-list string | Name of an existing Application list. |
auto_asic_offload aliases: auto-asic-offload string | Enable/disable policy traffic ASIC offloading. Choices: disable, enable |
av_profile aliases: av-profile string | Name of an existing Antivirus profile. |
captive_portal_exempt aliases: captive-portal-exempt string | Enable exemption of some users from the captive portal. Choices: disable, enable |
cifs_profile aliases: cifs-profile string | Name of an existing CIFS profile. |
comments string | Comment. |
diffserv_forward aliases: diffserv-forward string | Enable to change packets DiffServ values to the specified diffservcode-forward value. Choices: disable, enable |
diffserv_reverse aliases: diffserv-reverse string | Enable to change packets reverse Choices: disable, enable |
diffservcode_forward aliases: diffservcode-forward string | Change packets DiffServ to this value. |
diffservcode_rev aliases: diffservcode-rev string | Change packets reverse |
dlp_sensor aliases: dlp-sensor string | Name of an existing DLP sensor. |
dnsfilter_profile aliases: dnsfilter-profile string | Name of an existing DNS filter profile. |
dstaddr4 any | (list) Destination IPv4 address name and address group names. |
dstaddr6 any | (list) Destination IPv6 address name and address group names. |
dstaddr_negate aliases: dstaddr-negate string | When enabled dstaddr specifies what the destination address must NOT be. Choices: disable, enable |
dstintf any | (list) Outgoing |
emailfilter_profile aliases: emailfilter-profile string | Name of an existing email filter profile. |
fixedport string | Enable to prevent source NAT from changing a session's source port. Choices: disable, enable |
fsso_groups aliases: fsso-groups any | (list) Names of FSSO groups. |
global_label aliases: global-label string | Label for the policy that appears when the GUI is in Global View mode. |
groups any | (list) Names of user groups that can authenticate with this policy. |
http_policy_redirect aliases: http-policy-redirect string | Redirect HTTP Choices: disable, enable |
icap_profile aliases: icap-profile string | Name of an existing ICAP profile. |
inbound string | Policy-based IPsec VPN Choices: disable, enable |
inspection_mode aliases: inspection-mode string | Policy inspection mode Choices: proxy, flow |
internet_service aliases: internet-service string | Enable/disable use of Internet Services for this policy. Choices: disable, enable |
internet_service_custom aliases: internet-service-custom any | (list) Custom Internet Service name. |
internet_service_custom_group aliases: internet-service-custom-group any | (list) Custom Internet Service group name. |
internet_service_group aliases: internet-service-group any | (list) Internet Service group name. |
internet_service_id aliases: internet-service-id any | (list) Internet Service ID. |
internet_service_negate aliases: internet-service-negate string | When enabled internet-service specifies what the service must NOT be. Choices: disable, enable |
internet_service_src aliases: internet-service-src string | Enable/disable use of Internet Services in source for this policy. Choices: disable, enable |
internet_service_src_custom aliases: internet-service-src-custom any | (list) Custom Internet Service source name. |
internet_service_src_custom_group aliases: internet-service-src-custom-group any | (list) Custom Internet Service source group name. |
internet_service_src_group aliases: internet-service-src-group any | (list) Internet Service source group name. |
internet_service_src_id aliases: internet-service-src-id any | (list) Internet Service source ID. |
internet_service_src_negate aliases: internet-service-src-negate string | When enabled internet-service-src specifies what the service must NOT be. Choices: disable, enable |
ippool string | Enable to use IP Pools for source NAT. Choices: disable, enable |
ips_sensor aliases: ips-sensor string | Name of an existing IPS sensor. |
logtraffic string | Enable or disable logging. Choices: disable, all, utm |
logtraffic_start aliases: logtraffic-start string | Record logs when a session starts. Choices: disable, enable |
mms_profile aliases: mms-profile string | Name of an existing MMS profile. |
name string | Policy name. |
nat string | Enable/disable source NAT. Choices: disable, enable |
outbound string | Policy-based IPsec VPN Choices: disable, enable |
per_ip_shaper aliases: per-ip-shaper string | Per-IP traffic shaper. |
policyid integer / required | Policy ID |
poolname4 any | (list) IPv4 pool names. |
poolname6 any | (list) IPv6 pool names. |
profile_group aliases: profile-group string | Name of profile group. |
profile_protocol_options aliases: profile-protocol-options string | Name of an existing Protocol options profile. |
profile_type aliases: profile-type string | Determine whether the firewall policy allows security profile groups or single profiles only. Choices: single, group |
schedule string | Schedule name. |
service any | (list) Service and service group names. |
service_negate aliases: service-negate string | When enabled service specifies what the service must NOT be. Choices: disable, enable |
session_ttl aliases: session-ttl integer | TTL in seconds for sessions accepted by this policy |
srcaddr4 any | (list) Source IPv4 address name and address group names. |
srcaddr6 any | (list) Source IPv6 address name and address group names. |
srcaddr_negate aliases: srcaddr-negate string | When enabled srcaddr specifies what the source address must NOT be. Choices: disable, enable |
srcintf any | (list) Incoming |
ssh_filter_profile aliases: ssh-filter-profile string | Name of an existing SSH filter profile. |
ssh_policy_redirect aliases: ssh-policy-redirect string | Redirect SSH traffic to matching transparent proxy policy. Choices: disable, enable |
ssl_ssh_profile aliases: ssl-ssh-profile string | Name of an existing SSL SSH profile. |
status string | Enable or disable this policy. Choices: disable, enable |
tcp_mss_receiver aliases: tcp-mss-receiver integer | Receiver TCP maximum segment size |
tcp_mss_sender aliases: tcp-mss-sender integer | Sender TCP maximum segment size |
traffic_shaper aliases: traffic-shaper string | Traffic shaper. |
traffic_shaper_reverse aliases: traffic-shaper-reverse string | Reverse traffic shaper. |
url_category aliases: url-category any | (list) URL category. |
users any | (list) Names of individual users that can authenticate with this policy. |
utm_status aliases: utm-status string | Enable to add one or more security profiles Choices: disable, enable |
uuid string | Universally Unique Identifier |
voip_profile aliases: voip-profile string | Name of an existing VoIP profile. |
vpntunnel string | Policy-based IPsec VPN |
waf_profile aliases: waf-profile string | Name of an existing Web application firewall profile. |
wanopt string | Enable/disable WAN optimization. Choices: disable, enable |
wanopt_detection aliases: wanopt-detection string | WAN optimization auto-detection mode. Choices: active, passive, off |
wanopt_passive_opt aliases: wanopt-passive-opt string | WAN optimization passive mode options. Choices: default, transparent, non-transparent |
wanopt_peer aliases: wanopt-peer string | WAN optimization peer. |
wanopt_profile aliases: wanopt-profile string | WAN optimization profile. |
webcache string | Enable/disable web cache. Choices: disable, enable |
webcache_https aliases: webcache-https string | Enable/disable web cache for HTTPS. Choices: disable, enable |
webfilter_profile aliases: webfilter-profile string | Name of an existing Web filter profile. |
webproxy_forward_server aliases: webproxy-forward-server string | Webproxy forward server name. |
webproxy_profile aliases: webproxy-profile string | Webproxy profile name. |
proposed_method string | The overridden method for the underlying Json RPC request. Choices: |
rc_failed list / elements=integer | The list of rc codes with which the conditions to fail will be overridden. |
rc_succeeded list / elements=integer | The list of rc codes with which the conditions to succeed will be overridden. |
state string / required | The directive to create, update or delete an object. Choices: present, absent |
workspace_locking_adom string | The adom to lock for FortiManager running in workspace mode; the value can be global or another adom, including root. |
workspace_locking_timeout integer | The maximum time in seconds to wait for another user to release the workspace lock. Default: |
Note
```yaml
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    # false disables TLS certificate verification of the FortiManager; set to true once a trusted certificate is in place
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure consolidated IPv4/IPv6 policies.
      fortinet.fortimanager.fmgr_pm_config_pblock_firewall_consolidated_policy:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        pblock: <your own value>
        state: present # <value in [present, absent]>
        pm_config_pblock_firewall_consolidated_policy:
          policyid: 0 # Required variable, integer
          # _policy_block: <integer>
          # action: <value in [deny, accept, ipsec]>
          # app_category: <list or string>
          # app_group: <list or string>
          # application: <list or integer>
          # application_list: <string>
          # auto_asic_offload: <value in [disable, enable]>
          # av_profile: <string>
          # captive_portal_exempt: <value in [disable, enable]>
          # cifs_profile: <string>
          # comments: <string>
          # diffserv_forward: <value in [disable, enable]>
          # diffserv_reverse: <value in [disable, enable]>
          # diffservcode_forward: <string>
          # diffservcode_rev: <string>
          # dlp_sensor: <string>
          # dnsfilter_profile: <string>
          # dstaddr_negate: <value in [disable, enable]>
          # dstaddr4: <list or string>
          # dstaddr6: <list or string>
          # dstintf: <list or string>
          # emailfilter_profile: <string>
          # fixedport: <value in [disable, enable]>
          # fsso_groups: <list or string>
          # global_label: <string>
          # groups: <list or string>
          # http_policy_redirect: <value in [disable, enable]>
          # icap_profile: <string>
          # inbound: <value in [disable, enable]>
          # inspection_mode: <value in [proxy, flow]>
          # internet_service: <value in [disable, enable]>
          # internet_service_custom: <list or string>
          # internet_service_custom_group: <list or string>
          # internet_service_group: <list or string>
          # internet_service_id: <list or string>
          # internet_service_negate: <value in [disable, enable]>
          # internet_service_src: <value in [disable, enable]>
          # internet_service_src_custom: <list or string>
          # internet_service_src_custom_group: <list or string>
          # internet_service_src_group: <list or string>
          # internet_service_src_id: <list or string>
          # internet_service_src_negate: <value in [disable, enable]>
          # ippool: <value in [disable, enable]>
          # ips_sensor: <string>
          # logtraffic: <value in [disable, all, utm]>
          # logtraffic_start: <value in [disable, enable]>
          # mms_profile: <string>
          # name: <string>
          # nat: <value in [disable, enable]>
          # outbound: <value in [disable, enable]>
          # per_ip_shaper: <string>
          # poolname4: <list or string>
          # poolname6: <list or string>
          # profile_group: <string>
          # profile_protocol_options: <string>
          # profile_type: <value in [single, group]>
          # schedule: <string>
          # service: <list or string>
          # service_negate: <value in [disable, enable]>
          # session_ttl: <integer>
          # srcaddr_negate: <value in [disable, enable]>
          # srcaddr4: <list or string>
          # srcaddr6: <list or string>
          # srcintf: <list or string>
          # ssh_filter_profile: <string>
          # ssh_policy_redirect: <value in [disable, enable]>
          # ssl_ssh_profile: <string>
          # status: <value in [disable, enable]>
          # tcp_mss_receiver: <integer>
          # tcp_mss_sender: <integer>
          # traffic_shaper: <string>
          # traffic_shaper_reverse: <string>
          # url_category: <list or string>
          # users: <list or string>
          # utm_status: <value in [disable, enable]>
          # uuid: <string>
          # voip_profile: <string>
          # vpntunnel: <string>
          # waf_profile: <string>
          # wanopt: <value in [disable, enable]>
          # wanopt_detection: <value in [active, passive, off]>
          # wanopt_passive_opt: <value in [default, transparent, non-transparent]>
          # wanopt_peer: <string>
          # wanopt_profile: <string>
          # webcache: <value in [disable, enable]>
          # webcache_https: <value in [disable, enable]>
          # webfilter_profile: <string>
          # webproxy_forward_server: <string>
          # webproxy_profile: <string>
```
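
A filled-in variant of the generated playbook, as an added example that is not part of the collection's documentation: it keeps certificate validation on, authenticates with the access_token parameter, and sets the negate, inspection and logging options explicitly instead of leaving them unset. The ADOM, policy block, interface, address, service, schedule and profile names and the vault_fmg_access_token variable are assumptions and must match objects that exist in your FortiManager.

```yaml
# Added example; every object name and the vault variable are constructed placeholders.
- name: Add a logged, UTM-inspected accept policy to a policy block
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true  # verify the FortiManager TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Create policy 10 in the policy block
      fortinet.fortimanager.fmgr_pm_config_pblock_firewall_consolidated_policy:
        access_token: "{{ vault_fmg_access_token }}"  # hypothetical Ansible Vault variable
        workspace_locking_adom: root
        workspace_locking_timeout: 300
        adom: root
        pblock: baseline-block           # assumed existing policy block
        state: present
        pm_config_pblock_firewall_consolidated_policy:
          policyid: 10
          name: web-egress
          status: enable
          action: accept
          srcintf: ["port2"]             # assumed interface names
          dstintf: ["port1"]
          srcaddr4: ["corp-clients"]     # assumed address group
          dstaddr4: ["all"]
          srcaddr_negate: disable        # keep match semantics explicit
          dstaddr_negate: disable
          service: ["HTTPS", "DNS"]
          service_negate: disable
          schedule: always
          nat: enable
          inspection_mode: flow
          utm_status: enable             # security profiles below only apply when enabled
          profile_type: single
          ssl_ssh_profile: certificate-inspection
          ips_sensor: default
          av_profile: default
          webfilter_profile: default
          logtraffic: all                # log every session, not only UTM events
          logtraffic_start: disable
          comments: Managed by Ansible
```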
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
|---|---|
meta dictionary | The result of the request. Returned: always. The rows from request_url through system_information are its sub-keys. |
request_url string | The full url requested. Returned: always Sample: |
response_code integer | The status of api request. Returned: always Sample: |
response_data list / elements=string | The api response. Returned: always |
response_message string | The descriptive message of the api response. Returned: always Sample: |
system_information dictionary | The information of the target system. Returned: always |
rc integer | The status of the request. Returned: always Sample: |
version_check_warning list / elements=string | Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |
© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_pm_config_pblock_firewall_consolidated_policy_module.html